Honzab,

Honzab wrote:
Julien Pierre wrote:

NSS only supports RSA ECDHE cipher suites on the client side at this
time, so this is expected. If you are using NSS on the server side, you
need to enable alternate cipher suites - and of course you need to
enable them on the client side as well.


Thanks for the advice, unfortunately this invokes another problem. I
enabled for client and server another 4 suites:

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA

These cipher suites all require a certificate with an EC public key.
I believe for the first 2, the certificate must be signed by ECDSA, for the last 2, by RSA.

And yet another question: why do you restrict usage to just the ECC
cryptography? Does this mean to stop using classic DH and RSA?

I'm sorry, I made a mistake earlier. All the EC cipher suites are supported on both sides.

Only the DHE/RSA cipher suites are supported on the client-side only. The list of client-side only cipher suites is:

SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA

All other cipher suites are supported for both client and server sides.

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
