Hey, While poking around with a new web app I'm building, I noticed that Firefox 25.0 is emitting cipher suite 0xFEFF in its client hello to TLS 1.2 servers[1] and was hoping some of you might be able to tell me more about it. I wasn't able to find a spec referencing it (other than the TLS specs reserving the 0xFE space).
I dug through the NSS codebase and found where it was defined in lib/ssl/sslproto.h as: /* New non-experimental openly spec'ed versions of those cipher suites. */ #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe What's interesting is that these lines of code have not been touched since changeset 206:4ca6e9545364, roughly the dawn of time for NSS repo. The changeset's summary is "Initial NSS Open Source checkin" like the ones before it. Does anyone know what spec this cipher suite came from? And, perhaps, why it's still a good idea to be in the client hello? This last question I ask very gently and out of curiosity. [1] and perhaps other versions, not yet tested. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto