> I've read that SHA1 can be brute forced however why Mozilla Firefox forces a ECDH is misunderstood if attempting to negotiate for example RSA In my experience sea monkey can authenticate correctly against an apple key-chain however Firefox returns cipher suite errors Regards Patrick > On Aug 29, 2017, at 2:25 PM, Rupert Gallagher wrote: > > https://www.ssllabs.com/ssltest/viewClient.html?name=Firefox&version=53&platform=Win%207&key=142 > > Sent from ProtonMail Mobile > > On Tue, Aug 29, 2017 at 5:08 PM, Patrick Dohman wrote: > >> My current understanding is that Mozilla Firefox also has issues with ECDHE. For example applications implementing a web server and library specific cipher suites may be incompatible with Firefox if ECDHE is enabled . However the same self signed certificate installed in different web server for example apache are compatible with Firefox with ECDHE enabled. My current hypothesis is that not all open source projects '"purchased" a class three public certificate authority from the likes of Symantec with prevents the certificate store from falling back to a SSL 3.0 That essentially to all certificate stores are equal & that hashing an appropriate algorithm is becoming non standardized in the event that the certificate is not a trusted root. Regards Patrick > On Aug 29, 2017, at 8:23 AM, Rupert Gallagher wrote: > >> Clean up the EC key/curve configuration handling. We no longer support ECDH and ECDHE can be disabled by removing ECDHE ciphers from the cipher list. As such, permanently enable automatic EC curve selection and generation, effectively disabling all of the configuration knobs. > > https://www.tedunangst.com/flak/post/openbsd-changes-of-note-627 > > The description @protonmail.com>@centurylink.net> @protonmail.com>
No comments:
Post a Comment