Hey,

While poking around with a new web app I'm building, I noticed that Firefox
25.0 is emitting cipher suite 0xFEFF in its client hello to TLS 1.2
servers[1] and was hoping some of you might be able to tell me more about
it. I wasn't able to find a spec referencing it (other than the TLS specs
reserving the 0xFE space).

I dug through the NSS codebase and found where it was defined in
lib/ssl/sslproto.h as:

  /* New non-experimental openly spec'ed versions of those cipher suites. */
  #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
  #define SSL_RSA_FIPS_WITH_DES_CBC_SHA       0xfefe

What's interesting is that these lines of code have not been touched since
changeset 206:4ca6e9545364, roughly the dawn of time for the NSS repo. The
changeset's summary is "Initial NSS Open Source checkin" like the ones
before it.

Does anyone know what spec this cipher suite came from? And, perhaps, why
it's still a good idea to be in the client hello? This last question I ask
very gently and out of curiosity.

[1] and perhaps other versions, not yet tested.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
