On Thu, Aug 30, 2018 at 2:15 PM, Nicholas Alexander <nalexan...@mozilla.com> wrote:
> > > On Wed, Aug 29, 2018 at 3:56 PM, Nils Ohlmeier <nohlme...@mozilla.com> > wrote: > >> Summary: >> >> We are looking at removing the DHE cipher suites from the DTLS handshake >> in Firefox soon. >> >> Ciphers: >> - TLS_DHE_RSA_WITH_AES_128_CBC_SHA >> - TLS_DHE_RSA_WITH_AES_256_CBC_SHA >> are the two suites which we want to remove, because they are considered >> too weak. >> > > Are these suites considered "too weak" across the board? For historical > reasons Firefox for Android will handshake to Firefox Sync servers using > these suites: https://searchfox.org/mozilla-central/rev/ > 05d91d3e02a0780f44599371005591d7988e2809/mobile/android/ > services/src/main/java/org/mozilla/gecko/background/ > common/GlobalConstants.java#73. Sounds like we should drop those suites > there too -- can you confirm? > After a little (off-list) discussion, I've filed https://bugzilla.mozilla.org/show_bug.cgi?id=1487842 tracking dropping these. Thanks, Nils (and others)! Nick _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform