Hi,
I tried the following this morning on Firefox (updated from F20 repos):
https://www.fortify.net/sslcheck.html
and came up with 128-bit encryption. I could swear that at least the last time I checked it, it used to report 256-bit encryption. I wonder if/why this no longer holds.
I am using firefox-29.0.1-1.fc20.x86_64.
Many thanks, Ranjan
____________________________________________________________ FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks & orcas on your desktop! Check it out at http://www.inbox.com/marineaquarium
2014-05-23 6:43 GMT+03:00 Ranjan Maitra maitra.mbox.ignored@inbox.com:
Hi,
I tried the following this morning on Firefox (updated from F20 repos):
https://www.fortify.net/sslcheck.html
and came up with 128-bit encryption. I could swear that at least the last time I checked it, it used to report 256-bit encryption. I wonder if/why this no longer holds.
I am using firefox-29.0.1-1.fc20.x86_64.
Many thanks, Ranjan
Check about:config for disabled security.ssl3 fields, however mostly it's about server's chosen cipher from your ClientHello preferable cipher suite list.
FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks & orcas on your desktop! Check it out at http://www.inbox.com/marineaquarium
-- users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
2014-05-23 9:27 GMT+03:00 Joe Zeff joe@zeff.us:
On 05/22/2014 11:00 PM, Alchemist wrote:
Check about:config for disabled security.ssl3 fields, however mostly it's about server's chosen cipher from your ClientHello preferable cipher suite list.
I'm getting the same thing on FF 20 and F19. Which fields need to be enabled?
It is necessary only if settings are modified manually or by third party extension, otherwise FF cipher suite defaults are fine (however I preffer disable all "weak" DES and RC4 except security.ssl3.rsa_rc4_128_sha, as is brokes too many sites). Take a look at better checker f.e https://cc.dcsec.uni-hannover.de/
users mailing list
users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
On 05/23/2014 05:43 AM, Ranjan Maitra wrote:
Hi,
I tried the following this morning on Firefox (updated from F20 repos):
https://www.fortify.net/sslcheck.html
and came up with 128-bit encryption. I could swear that at least the last time I checked it, it used to report 256-bit encryption. I wonder if/why this no longer holds.
I am using firefox-29.0.1-1.fc20.x86_64.
Many thanks, Ranjan
Hi Ranjan, I'm getting the same results for Konqueror and Google-chrome!
Don't bother with AES-256 unless you are using RSA 15360 or ECDSA p521. Well MAYBE you can get away with RSA 7680 or ECDSA p384.
Please see: http://www.nsa.gov/business/programs/elliptic_curve.shtml
And the general crypto community agrees with this analysis. Note I am NOT a cyrptographer, I just work closely with them as I am a crypto-plumber. I get these algorithms working in protocols (like my HIP protocol).
Oh, our product protects you with AES-256! Well what mode of operation are you using for that? Um, that is proprietary information. Huh? What is proprietary about modes of operation, well what asymmetric algorithm and keysize are you using? RSA 2048 for greater strength than those that use RSA 1024!
Some implementors just don't have a crypto clue.
On 05/22/2014 11:43 PM, Ranjan Maitra wrote:
Hi,
I tried the following this morning on Firefox (updated from F20 repos):
https://www.fortify.net/sslcheck.html
and came up with 128-bit encryption. I could swear that at least the last time I checked it, it used to report 256-bit encryption. I wonder if/why this no longer holds.
I am using firefox-29.0.1-1.fc20.x86_64.
Many thanks, Ranjan
FREE 3D MARINE AQUARIUM SCREENSAVER - Watch dolphins, sharks & orcas on your desktop! Check it out at http://www.inbox.com/marineaquarium