Just to be clear, Firefox is now able to act as a server for DHE. Your client needs to be prepared to accept a 2048-bit share (most will, though some older Java versions might choke).
On Fri, Mar 11, 2016 at 3:10 PM, Martin Thomson <[email protected]> wrote:
> On Fri, Mar 11, 2016 at 10:18 AM, Nils Ohlmeier <[email protected]> wrote:
>> Have you read this hack post already?
>> https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/
>
> That posting isn't quite relevant, this is:
>
>> TLS_DHE_***RSA***_...
>
> Firefox won't act as server for RSA-based cipher suites without the
> certificate management API.
>
> That's here:
>
> https://developer.mozilla.org/fi/docs/Web/API/RTCCertificate
>
> It's perfectly happy to be a client, because the cipher suite doesn't
> constrain the certificate that a client can use.
_______________________________________________
dev-media mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-media

