Martin Thomson <martin.thom...@gmail.com> writes:

>How is the client doing any of this?  The server picks the cipher suite.

Sorry, I meant the client only offers pure-RSA, not DHE+RSA, so the server is
forced to pick pure-RSA, e.g.:

Chrome:

Offered suite: TLS_RSA_WITH_AES_128_CBC_SHA.
Accepted suite: TLS_RSA_WITH_AES_128_CBC_SHA.
Offered suite: TLS_RSA_WITH_AES_256_CBC_SHA.
Offered suite: SSL_RSA_WITH_3DES_EDE_CBC_SHA.

This is on a system without ECDHE present, so the server is looking for DHE
(preferentially) or RSA (if it really has to); the ECDHE suites are skipped.
This was noticed on systems which had disabled the pure-RSA suites because
some industry compliance thing required it, and found that Chrome was now
unusable for any of their devices.

(My suggestion that they might consider QQ Browser didn't go down too
well...).

>Newer versions might not have DHE, which I hope is consistent with your
>expectations

Well, that'd bring FF closer to Chrome's brokenness.  I guess I could add a
comment about FF copying everything Chrome does as being consistent with my
expectations :-).

>As of the latest version, things should be the same - extensions shouldn't
>affect whether connections work.

Sure, the only reason for mentioning the "last version with extensions" is
that apparently some of the systems require browser extensions, and they
aren't going to be rewritten for current versions of Firefox.  So it was
whatever the last version with extensions was, either 52ESR or 56 (I didn't
ask, I'm on FF 56).

>The problem with DHE of course being that it uses the TLS 1.0 suites with the
>SHA1 MAC and with the MAC and encrypt in the wrong order. 

Given that SHA-1 is used in the HMAC form it doesn't really matter security-
wise... the order of MAC and encrypt also depends on EtM/LTS support, I didn't
check for who does what there, the real issue was to report on browser issues
when used in a SCADA environment and to poke vendors with a bit of a WTF?! for
their cipher suite support, or lack thereof.  Currently the best by a long
shot is FF.

Peter.

_______________________________________________
TLS mailing list
TLS@ietf.org
https://www.ietf.org/mailman/listinfo/tls
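
Added example, not part of the original message: a pre-change check for the lockout described above, where a device without ECDHE disables its pure-RSA suites and a client that offers no DHE is left with no common suite. The client names, function names and suite lists are constructed for illustration; only the three RSA suites are taken from the message.

```python
# Constructed sample data: illustrative suite lists, not captured handshakes.
CLIENT_OFFERS = {
    # Mirrors the offer quoted in the message, plus an ECDHE suite the device lacks.
    "rsa-only-client": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    ],
    "dhe-capable-client": [
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    ],
}

# Hypothetical device without ECDHE: DHE preferred, pure RSA as last resort.
DEVICE_SUITES = [
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

def key_exchange(suite):
    """Classify a suite name as ECDHE, DHE or RSA (only these families are handled)."""
    name = suite.split("_WITH_")[0].split("_", 1)[1]  # drop the TLS_/SSL_ prefix
    for kx in ("ECDHE", "DHE"):
        if name.startswith(kx):
            return kx
    return "RSA"

def negotiate(client_offer, server_prefs):
    """Server-preference selection: first server suite the client offered, else None."""
    offered = set(client_offer)
    return next((s for s in server_prefs if s in offered), None)

def lockout_report(server_prefs, disable_kx=()):
    """Map each client to the suite selected once the given key exchanges are disabled."""
    allowed = [s for s in server_prefs if key_exchange(s) not in disable_kx]
    return {c: negotiate(offer, allowed) for c, offer in CLIENT_OFFERS.items()}

if __name__ == "__main__":
    for policy in ((), ("RSA",)):
        print("disabled key exchanges:", policy or "none")
        for client, suite in lockout_report(DEVICE_SUITES, policy).items():
            print(f"  {client}: {suite or 'handshake failure (no common suite)'}")
```

A `None` result for a client under the proposed policy means that client cannot connect to the device after the change.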
