Now Firefox 25 support TLSv1.2, how can I enable SHA-2 ciphers?
I just install Firefox 25 and configure TLS min and max values to 3, then visit this site https://cc.dcsec.uni-hannover.de/ which report no SHA-2 ciphers. What I must do to enable SHA-2 ciphers on Firefox 25. Exist some web app I need access that just allow SHA-2 ciphers.
Geändert am von gsc-frank
Alle Antworten (3)
New information: I tested on Ubuntu 13.10 using ppa:mozillateam/firefox-next to have Firefox using NSS 3.15.1 and result the same, no SHA256 ciphers was available.
Geändert am von gsc-frank
Are you referring to the value that show in the MAC field or the key size that is specified?
I keep some 128 bit ciphers disabled and see this:
This connection uses TLSv1 with CAMELLIA256-SHA and a 256 Bit key for encryption. Ciphers: ff,c00a,c014,c00f,c005,84,35,96,04,c008,c012,16,13,c00d,c003,feff,0a
(c0,0a) ECDHE-ECDSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (c0,14) ECDHE-RSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (c0,0f) ECDH-RSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (c0,05) ECDH-ECDSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (00,84) RSA-CAMELLIA256-SHA 256 Bit Key exchange: RSA, encryption: Camellia, MAC: SHA1. (00,35) RSA-AES256-SHA 256 Bit Key exchange: RSA, encryption: AES, MAC: SHA1.
Thanks for you reply cor-el
I'm referring to the MAC value. "openssl ciphers -v | grep TLSv1.2" will show no SHA1 in MAC, and that is a problem a think: a server that just support TLSv1.2 ciphers will not offer SHA1 for MAC and as Firefox not support SHA-2, will be unable to communicate with it. Last Google Chrome and Opera works fine again the server I tested.