Mozilla is not dropping HMAC-SHA1 TLS ciphersuites. TLS 1.0 would not work without them.
---------------------------------------- > Date: Fri, 6 Nov 2015 08:47:45 -0800 > Subject: SHA256/GCM DHE support when SHA1 support is dropped > From: [email protected] > To: [email protected] > > https://bugzilla.mozilla.org/s... [mozilla.org] > > Firefox only currently supports DHE with SHA1. Are they going add support for > SHA256 DHE when they disable SHA1? > > To quote Michael Staruch from the above link: > It looked more like attempts to discredit DHE and push everyone into ECC. And > I am not so sure if that's best way to protect our privacy, especially with > multiple TLS clients supporting only NSA Suite B curves. > > > > Mozilla, we really need DHE to work with SHA256 and GCM. Sure, fallback to > something else if weak dhparams are used by the server. > _______________________________________________ > dev-security-policy mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security-policy _______________________________________________ dev-security-policy mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security-policy
