[Ach] Firefox 27.0 now supports TLS 1.1 and 1.2

Julien Vehent julien at linuxwall.info
Wed Feb 5 21:42:38 CET 2014

On 2014-02-05 04:09, Alan Orth wrote:
> Hi, all.
> Firefox 27.0 was released[0] yesterday and now supports TLS 1.1 and 1.2,
> and should therefore have some new crypto algorithms available for use.
> The How's My SSL website[1] shows that Firefox is now "Probably ok" (was
> "Bad" before), and a visit to Google over TLS[2] shows that Firefox is
> now using AES_GCM instead of AES_CBC.  Not sure if this will influence
> the order of preferred ciphers in our CipherSuite...?
> Cheers!
> [0] https://www.mozilla.org/en-US/firefox/27.0/releasenotes/
> [1] https://www.howsmyssl.com/
> [2] https://encrypted.google.com/

We had a very long discussion on the dev-tech-crypto mailing list when
Brian Smith submitted his proposal for reorganizing the ciphers in FF.
If you haven't, I recommend you read it [0]. The thread contains tons of
elements on ciphers security.

Most of that work was done in parallel with the server side recommendation
for TLS [1], so both orderings follow the same principles.

Note that context matters, and some choices might be different from what
bettercrypto recommends.

- Julien

[1] https://wiki.mozilla.org/Security/Server_Side_TLS

More information about the Ach mailing list