Now Firefox 25 support TLSv1.2, how can I enable SHA-2 ciphers?
I just install Firefox 25 and configure TLS min and max values to 3, then visit this site https://cc.dcsec.uni-hannover.de/ which report no SHA-2 ciphers. What I must do to enable SHA-2 ciphers on Firefox 25. Exist some web app I need access that just allow SHA-2 ciphers.
Modified
All Replies (3)
New information: I tested on Ubuntu 13.10 using ppa:mozillateam/firefox-next to have Firefox using NSS 3.15.1 and result the same, no SHA256 ciphers was available.
Modified
Are you referring to the value that show in the MAC field or the key size that is specified?
I keep some 128 bit ciphers disabled and see this:
This connection uses TLSv1 with CAMELLIA256-SHA and a 256 Bit key for encryption. Ciphers: ff,c00a,c014,c00f,c005,84,35,96,04,c008,c012,16,13,c00d,c003,feff,0a
(c0,0a) ECDHE-ECDSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (c0,14) ECDHE-RSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (c0,0f) ECDH-RSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (c0,05) ECDH-ECDSA-AES256-SHA 256 Bit Key exchange: ECDH, encryption: AES, MAC: SHA1. (00,84) RSA-CAMELLIA256-SHA 256 Bit Key exchange: RSA, encryption: Camellia, MAC: SHA1. (00,35) RSA-AES256-SHA 256 Bit Key exchange: RSA, encryption: AES, MAC: SHA1.
Thanks for you reply cor-el
I'm referring to the MAC value. "openssl ciphers -v | grep TLSv1.2" will show no SHA1 in MAC, and that is a problem a think: a server that just support TLSv1.2 ciphers will not offer SHA1 for MAC and as Firefox not support SHA-2, will be unable to communicate with it. Last Google Chrome and Opera works fine again the server I tested.