Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-26 Thread Kurt Roeckx
On Mon, Aug 26, 2013 at 05:16:43PM -0700, Robert Relyea wrote: > 2) It does have a significant downside speed wise. I was responsible > for measuring this once from the server perspective (we were trying to > convince people to use ECC. I could only get wins over RSA at the 2048 > bit range with E

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-26 Thread Robert Relyea
On 08/26/2013 02:24 PM, Brian Smith wrote: > On Thu, Aug 22, 2013 at 11:21 AM, Robert Relyea wrote: > >> So looking at this list, I think we have a major inconsistency. >> >> We put Ephemeral over non-ephemeral, but we put 128 over 256. >> >> While I'm OK with Ephemeral (PFS) over non-ephermal (no

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-26 Thread Brian Smith
On Mon, Aug 26, 2013 at 2:24 PM, Brian Smith wrote: > Something to note is that MSIE has always put AES-128 cipher suites ahead > of AES-128 cipher suites. They also put RSA cipher suites ahead of PFS > cipher suites, though. > > I meant: MSIE has always put AES-128 cipher suites ahead of **AES-

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-08-26 Thread Brian Smith
On Thu, Aug 22, 2013 at 11:21 AM, Robert Relyea wrote: > So looking at this list, I think we have a major inconsistency. > > We put Ephemeral over non-ephemeral, but we put 128 over 256. > > While I'm OK with Ephemeral (PFS) over non-ephermal (non-pfs), I think > in doing so we are taking a much

Re: NSS+JSS in FIPS mode for Encryption and Decryption in java

2013-08-26 Thread helpcrypto helpcrypto
In the past we used JSS but at the end we have move to SunPKCS11 provider. Consider using it as stated in http://docs.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html#NSS My two cents. On Thu, Aug 22, 2013 at 9:12 PM, raj wrote: > Need help in doing the NSS+JSS in FIPS mode for

Re: Need to use the main NSS module as a PKCS#11 module in IBM Notes

2013-08-26 Thread helpcrypto helpcrypto
+1! On Sun, Aug 25, 2013 at 3:02 AM, Kyle Hamilton wrote: > Hi, > > I'm finding myself in a situation where I need to use the certificates and > keys stored in my standard NSS profile in other applications. > > My initial, naïve idea was that NSS itself is a PKCS#11 module. > Unfortunately, thi

Re: 64bit NSS build on windows 7 x64

2013-08-26 Thread helpcrypto helpcrypto
I compiled nss+nspr+modutil+certutil 32 bits vs2009 last week. Didnt compile 64 bits cause Firefox 64 bits is no longer supported (IIRC). On Sat, Aug 24, 2013 at 2:21 PM, wrote: > I searched the net for 64bit build but didn't find anything, I don't have > enough time to build it myself so Can y