Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Now Firefox 25 support TLSv1.2, how can I enable SHA-2 ciphers?

  • 3 پاسخ
  • 9 have this problem
  • 3 views
  • آخرین پاسخ توسّط gsc-frank

more options

I just install Firefox 25 and configure TLS min and max values to 3, then visit this site https://cc.dcsec.uni-hannover.de/ which report no SHA-2 ciphers. What I must do to enable SHA-2 ciphers on Firefox 25. Exist some web app I need access that just allow SHA-2 ciphers.

I just install Firefox 25 and configure TLS min and max values to 3, then visit this site https://cc.dcsec.uni-hannover.de/ which report no SHA-2 ciphers. What I must do to enable SHA-2 ciphers on Firefox 25. Exist some web app I need access that just allow SHA-2 ciphers.

Modified by gsc-frank

All Replies (3)

more options

New information: I tested on Ubuntu 13.10 using ppa:mozillateam/firefox-next to have Firefox using NSS 3.15.1 and result the same, no SHA256 ciphers was available.

Modified by gsc-frank

more options

Are you referring to the value that show in the MAC field or the key size that is specified?

I keep some 128 bit ciphers disabled and see this:

This connection uses TLSv1 with CAMELLIA256-SHA and a 256 Bit key for encryption.
Ciphers: ff,c00a,c014,c00f,c005,84,35,96,04,c008,c012,16,13,c00d,c003,feff,0a 
(c0,0a)
ECDHE-ECDSA-AES256-SHA
256 Bit
Key exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,14)
ECDHE-RSA-AES256-SHA
256 Bit
Key exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,0f)
ECDH-RSA-AES256-SHA
256 Bit
Key exchange: ECDH, encryption: AES, MAC: SHA1.
(c0,05)
ECDH-ECDSA-AES256-SHA
256 Bit
Key exchange: ECDH, encryption: AES, MAC: SHA1.
(00,84)
RSA-CAMELLIA256-SHA
256 Bit
Key exchange: RSA, encryption: Camellia, MAC: SHA1.
(00,35)
RSA-AES256-SHA
256 Bit
Key exchange: RSA, encryption: AES, MAC: SHA1.
more options

Thanks for you reply cor-el

I'm referring to the MAC value. "openssl ciphers -v | grep TLSv1.2" will show no SHA1 in MAC, and that is a problem a think: a server that just support TLSv1.2 ciphers will not offer SHA1 for MAC and as Firefox not support SHA-2, will be unable to communicate with it. Last Google Chrome and Opera works fine again the server I tested.