[Ach] Firefox 27.0 now supports TLS 1.1 and 1.2
Aaron Zauner
azet at azet.org
Thu Feb 6 22:19:42 CET 2014
Well. Not true. You can get AES-GCM also with non-ephemeral handshakes.
ECDSA is prefered because the computational overhead is very small in
comparison to DHE (which none of the larger web platforms will use, because
it'll kill their servers with serious real-life traffic at hand). Didn't I
say so a couple of months back? Nobody will use DHE and people will
complain on the list (as they did) :)
Aaron
On Thu, Feb 6, 2014 at 7:29 PM, Pepi Zawodsky <pepi.zawodsky at maclemon.at>wrote:
> On 05.02.2014, at 10:09, Alan Orth <alan.orth at gmail.com> wrote:
> > is now using AES_GCM instead of AES_CBC. Not sure if this will influence
> > the order of preferred ciphers in our CipherSuite...?
> It also seems to move ECDHE handshakes to the top and only enables GCM
> modes for ECDHE, not for DHE. (Through specified in
> http://tools.ietf.org/html/rfc5288#page-2 ) Which means, you only get
> AES_GCM with NIST ECC curves in reality.
>
> This is the order I get with RC4, DES, DSS, SSLv3 disabled in about:config.
> • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
> • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
> • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
> • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
> • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> • TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
> • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> • TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
> • TLS_RSA_WITH_AES_128_CBC_SHA
> • TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
> • TLS_RSA_WITH_AES_256_CBC_SHA
> • TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
>
> Anyone have an idea why Safari, Chrome, and now also Firefox prefer ECDSA?
> Best regards
> Pepi
>
> _______________________________________________
> Ach mailing list
> Ach at lists.cert.at
> http://lists.cert.at/cgi-bin/mailman/listinfo/ach
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.cert.at/pipermail/ach/attachments/20140206/607f0cfb/attachment.html>
More information about the Ach
mailing list