Tuesday, August 29, 2017

Re: ECDH

My current understanding is that Mozilla Firefox also has issues with ECDHE.
For example, applications implementing a web server and library-specific cipher suites may be incompatible with Firefox if ECDHE is enabled.
However, the same self-signed certificate installed in a different web server, for example Apache, is compatible with Firefox with ECDHE enabled.
My current hypothesis is that not all open source projects "purchased" a class three public certificate authority from the likes of Symantec, which prevents the certificate store from falling back to SSL 3.0.
That essentially to all certificate stores are equal & that hashing an appropriate algorithm is becoming non-standardized in the event that the certificate is not a trusted root.

Regards
Patrick

> On Aug 29, 2017, at 8:23 AM, Rupert Gallagher <ruga@protonmail.com> wrote:
>
>> Clean up the EC key/curve configuration handling. We no longer support ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher list. As such, permanently enable automatic EC curve selection and generation, effectively disabling all of the configuration knobs.
>
> https://www.tedunangst.com/flak/post/openbsd-changes-of-note-627
>
> The description
