[Ach] Firefox 27.0 now supports TLS 1.1 and 1.2

Pepi Zawodsky pepi.zawodsky at maclemon.at
Thu Feb 6 19:29:54 CET 2014


On 05.02.2014, at 10:09, Alan Orth <alan.orth at gmail.com> wrote:
> is now using AES_GCM instead of AES_CBC.  Not sure if this will influence
> the order of preferred ciphers in our CipherSuite...?
It also seems to move ECDHE handshakes to the top and only enables GCM modes for ECDHE, not for DHE. (Through specified in http://tools.ietf.org/html/rfc5288#page-2 ) Which means, you only get AES_GCM with NIST ECC curves in reality.

This is the order I get with RC4, DES, DSS, SSLv3 disabled in about:config.
	• TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
	• TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	• TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
	• TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
	• TLS_DHE_RSA_WITH_AES_128_CBC_SHA
	• TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
	• TLS_DHE_RSA_WITH_AES_256_CBC_SHA
	• TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
	• TLS_RSA_WITH_AES_128_CBC_SHA
	• TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
	• TLS_RSA_WITH_AES_256_CBC_SHA
	• TLS_RSA_WITH_CAMELLIA_256_CBC_SHA

Anyone have an idea why Safari, Chrome, and now also Firefox prefer ECDSA?
Best regards
Pepi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.cert.at/pipermail/ach/attachments/20140206/d5db42c2/attachment.sig>


More information about the Ach mailing list