On 2018-05-08 22:49, Kai Engert wrote:
Notable changes:
* The TLS 1.3 implementation was updated to Draft 28.
I find it unfortunate that you update the draft version to 28 and did
not keep it at 26 like some other implementations, since the protocol
did not change since draft 26. This makes
On Wed, Oct 18, 2017 at 11:27:45AM +0200, Gregory Szorc wrote:
> The way you specify the desired TLS protocol version (which is heavily
> inspired by OpenSSL's API) is to pass a protocol constant along with some
> more options to control ciphers, protocol options (like compression), etc.
> If you
On 2017-05-24 02:39, Roger Dunn wrote:
We are moving from OpenSSL to Java to handle CSRs for our CA. Our devices
require a custom 'description' field as part of the Subject sequence.
(Related link)
https://linux.die.net/man/3/x509_name_get_text_by_nid
The following command line fails (we are
On 2015-03-14 01:23, kim.da...@safe-mail.net wrote:
Is there an agreed timeline for deprecation of the technologies listed in the
initial posting? We should be proactive in this field.
For example, last month a plan to deploy 12000 devices to medical professionals
has been finalised, despite
On 2015-02-28 04:15, Kosuke Kaizuka wrote:
I also propose removing the following ciphersuit:
000A TLS_RSA_WITH_3DES_EDE_CBC_SHA
because 3DES is a cipher that requires too much computing power compared to
AES, much more computer memory, lacks hardware acceleration on servers, is
rarely
On 2015-03-02 13:32, Hubert Kario wrote:
Not true. In Alexa top 1 million I found at least 439 servers which support
only 3DES and have valid certificates. If Firefox removes RC4, I'm sure that
this will make this number effectively only larger (80% of servers still
support RC4, 15% prefer RC4
On 2014-07-10 13:53, Henri Sivonen wrote:
On Tue, Jul 1, 2014 at 11:58 PM, Brian Smith br...@briansmith.org wrote:
I am interested in discussing what we can do to help more server side
products get better cipher suites by default, and on deciding whether we
add support for ChaCha20-Poly1304
On Thu, Jul 10, 2014 at 09:57:56AM -0700, Brian Smith wrote:
On Thu, Jul 10, 2014 at 5:33 AM, Kurt Roeckx k...@roeckx.be wrote:
[snip]
An other alternative is using curve25519. It's also not standardized yet,
but at this time it seems more likely to be standardized first.
Thanks
On 2014-06-30 02:35, Hubert Kario wrote:
The benefits of ECDHE outweigh the risks of using RC4,
I have to disagree here. Even 1024 bit DHE requires a targeted attack at ~80 bit
complexity. Currently we see RC4 at around 56 bit, with a completely unoptimized
attack...
Do you have a reference
On Sun, Mar 23, 2014 at 08:43:35AM -0700, gegard4321 wrote:
Another reason to enable DHE_RSA_AES_*_GCM: Mozilla's new account system only
supports RSA and DHE_RSA ciphers:
https://www.ssllabs.com/ssltest/analyze.html?d=accounts.firefox.com
Same goes for mozilla.org and bugzilla.
Firefox
On Thu, Feb 06, 2014 at 09:57:34PM +, gegard4321-bugzi...@yahoo.co.uk wrote:
Regarding the other variants of AES-GCM
-TLS_RSA_WITH_AES_128_GCM_SHA256
There are some sites support AES-GCM that use only ciphers with RSA key
exchange. I think it would be best not to support new standards
On 2014-01-27 02:43, ripber...@aol.com wrote:
Hi,
So I didn't get to the bottom of this thread because some of it is 'loading'
I really recommend that you do read all the messages. All of this has
been discussed in various thread both here and on other lists.
Encryption:
AES-256
On Mon, Jan 27, 2014 at 09:26:20AM -0800, ripber...@aol.com wrote:
2) NIST is a US government standards board that drives a lot of compliance
regulation. There are companies what will want to be able show that they
are NIST compliant.
I'm sure it is important to some. But I
On 2013-12-17 16:02, Stéphanie Ouillon wrote:
Hi,
I'm in the Firefox OS Security team and I'm starting working on adding
support for stronger passwords in the Firefox OS lockscreen (bug 877541)
[1].
At the moment, only a 4-digit password can be configured and we want to
improve that for FxOS
On Fri, Jan 10, 2014 at 08:11:02PM -0500, Julien Vehent wrote:
On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote:
I started a scan of Alexa's top 1 million websites. It's going to
take a few days to have all the results.
So far, 21 out of 1396 websites scanned support neither AES
On 2013-12-15 02:41, Brian Smith wrote:
On Sat, Dec 14, 2013 at 4:47 PM, Kosuke Kaizuka cai.0...@gmail.com wrote:
little supported, never negotiated cipher
One of the largest websites which support Camellia is Yahoo!.
Firefox 26 or lower use TLS_RSA_WITH_CAMELLIA_256_CBC_SHA with Yahoo!.
On Thu, Jan 09, 2014 at 12:59:40PM -0500, Julien Vehent wrote:
On 2014-01-09 06:41, Kurt Roeckx wrote:
I'm considering if we should also drop support for RC4 on the
client side. At least IE11 on windows 8.1 doesn't do RC4, but does
do 3DES.
I started a scan of Alexa's top 1 million websites
On Fri, Jan 03, 2014 at 12:19:10AM +0100, Aaron Zauner wrote:
3DES isn't broken.
Triple DES provides about 112bit security (We've a section on the topic in
the Paper in the Keylenghts section). All ciphers that we
recomend are at least at 128bit security.
The document doesn't seem to say
On Thu, Jan 02, 2014 at 09:33:24PM +0100, Aaron Zauner wrote:
I *think* they want to prefer CAMELLIA to AES, judging by the published
ciphersuite.
But the construction must be wrong because it returns AES first. If the
intent is to
prefer Camellia, then I am most interesting in the
On Thu, Jan 02, 2014 at 10:10:49PM +0100, Aaron Zauner wrote:
What's the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec. Team by
the way?
Not being part of the mozilla team myself, I at least have the
impression that they want it. You might want to look at this
old version:
On Thu, Jan 02, 2014 at 02:12:47PM -0800, Ryan Sleevi wrote:
What's the take on the ChaCha20/Poly1305 proposal by the Mozilla Sec.
Team by the way?
There are 5 security teams at Mozilla, so Mozilla Sec Team is a very
large group.
I think we all want a new stream cipher in TLS to
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote:
For the same reason, the server ciphersuite that we recommend at
https://wiki.mozilla.org/Security/Server_Side_TLS
does not drop Camellia, but lists it at the bottom of the ciphersuite.
It's a safe choice, but not one that we
On Sat, Dec 14, 2013 at 05:41:55PM -0800, Brian Smith wrote:
Fx26Fx27 Change Cipher Suite
0.00% 14.15% +14.15% TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (new)
0.00% 8.30% +8.30% TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (new)
Are you sure you didn't switch those 2? At least your
On Sun, Dec 15, 2013 at 11:22:32AM -0500, Julien Vehent wrote:
On 2013-12-15 11:13, Kurt Roeckx wrote:
On Sun, Dec 15, 2013 at 10:46:04AM -0500, Julien Vehent wrote:
On 2013-12-14 19:47, Kosuke Kaizuka wrote:
Camellia is widely reviewed and chosen as a recommended cipher by
several
On Fri, Nov 29, 2013 at 04:07:35AM -0800, sameer...@gmail.com wrote:
Hi,
I found some new behavior with openldap server built against Mozilla
NSS(3.15.3) and our requirement is to use only TLSv1.2 ciphers only.
I have no idea what you really mean with this. Please note that
ciphers can
On Fri, Nov 29, 2013 at 01:43:11PM +0100, Kurt Roeckx wrote:
As far as I know, NSS does not have any ciphers with SHA-2 other
than GCM, and so I think what you want is not currently possible
with NSS.
It seems that some are implemented, but at least firefox with the
latest version doesn't have
On Fri, Nov 29, 2013 at 03:53:09PM -0800, Elio Maldonado Batiz wrote:
Firefox 27 will support TLS 1.2, see
https://bugzilla.mozilla.org/show_bug.cgi?id=861266
I know, and the only TLS 1.2 cipher will be GCM.
Kurt
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
On Tue, Nov 26, 2013 at 01:14:50PM +, Sameer Stephen wrote:
Hi,
We have an application which uses pam_ldap.so module to connect to LDAP
server. Our application( i.e. client ) uses openldap(2.4.36) which is built
against mozilla NSS library(3.15.3) and as per NSS mozilla official
On Mon, Nov 18, 2013 at 06:47:08PM -0800, Wan-Teh Chang wrote:
On Mon, Nov 18, 2013 at 4:57 PM, Brian Smith br...@briansmith.org wrote:
Also, AES implementations are highly optimized, well-audited,
well-tested, and are more likely to be side-channel free. Camellia
doesn't get used very
On Mon, Oct 07, 2013 at 11:17:46AM -0700, Brian Smith wrote:
On Fri, Oct 4, 2013 at 6:52 PM, Ludovic Hirlimann
ludovic+n...@mozilla.com wrote:
Hi,
AFAIK NSS still contains code for SSL2 , but no product uses it. SSL2
has been turned off at least 2 years ago. By removing SSL2 code we get
On Fri, Aug 30, 2013 at 01:10:08AM +0200, Kurt Roeckx wrote:
So what needs to happen so that we can move on with this?
I still have the same question. Nothing seems to be happening.
Kurt
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev
On Mon, Sep 09, 2013 at 07:20:57PM +0100, Rob Stradling wrote:
Probably worth keeping an eye on this new draft and the related
discussion on the TLS list...
http://tools.ietf.org/html/draft-sheffer-tls-bcp-00
Note that the recommended cipher there isn't in Brian's proposal,
and I've already
On Mon, Sep 09, 2013 at 11:29:19AM -0400, Stefan Arentz wrote:
On Sep 9, 2013, at 11:16 AM, Gervase Markham g...@mozilla.org wrote:
On 09/08/13 03:30, Brian Smith wrote:
Please see https://briansmith.org/browser-ciphersuites-01.html
This proposal promotes ECC.
So what needs to happen so that we can move on with this?
Kurt
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
On Mon, Aug 26, 2013 at 05:16:43PM -0700, Robert Relyea wrote:
2) It does have a significant downside speed wise. I was responsible
for measuring this once from the server perspective (we were trying to
convince people to use ECC. I could only get wins over RSA at the 2048
bit range with ECDH
On 08/09/2013 04:30 AM, Brian Smith wrote:
Please see https://briansmith.org/browser-ciphersuites-01.html
First, this is a proposal to change the set of sequence of ciphersuites
that Firefox offers.
So I think there are a whole bunch of things where we have 2 options,
and it's not always
On Mon, Aug 19, 2013 at 08:06:49PM +0200, Kurt Roeckx wrote:
I understand that the MAC itself doesn't make much difference, but
we should probably avoid MD5. I see no SHA256 MACs except for GCM
which probably isn't a problem.
I'm having mixed feelings about SHA1 / SHA256. I think it makes
37 matches
Mail list logo