Apologies, I said 1.2 here for the server, but, of course, it negotiated as TLS 1.0.
On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges <j...@somethingsimilar.com> wrote:
> Hey,
>
> While poking around with a new web app I'm building, I noticed that
> Firefox 25.0 is emitting cipher suite 0xFEFF in its client hello to TLS 1.2
> servers[1] and was hoping some of you might be able to tell me more about
> it. I wasn't able to find a spec referencing it (other than the TLS specs
> reserving the 0xFE space).
>
> I dug through the NSS codebase and found where it was defined in
> lib/ssl/sslproto.h as:
>
> /* New non-experimental openly spec'ed versions of those cipher suites. */
> #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff
> #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe
>
> What's interesting is that these lines of code have not been touched since
> changeset 206:4ca6e9545364, roughly the dawn of time for NSS repo. The
> changeset's summary is "Initial NSS Open Source checkin" like the ones
> before it.
>
> Does anyone know what spec this cipher suite came from? And, perhaps, why
> it's still a good idea to be in the client hello? This last question I ask
> very gently and out of curiosity.
>
> [1] and perhaps other versions, not yet tested.
>

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
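
For anyone wanting to check their own captures for the suites discussed above, here is an added example (not part of the original thread and not NSS code): a small Python parser that extracts the offered cipher suites from a single-record ClientHello and flags the two values named in the quoted sslproto.h lines. The function names are hypothetical and the sample record is constructed, not a real Firefox capture.

```python
import struct

# Names and values copied from the lib/ssl/sslproto.h lines quoted in the thread.
NSS_FIPS_SUITES = {
    0xFEFF: "SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA",
    0xFEFE: "SSL_RSA_FIPS_WITH_DES_CBC_SHA",
}

def client_hello_suites(record):
    """Return the cipher suite IDs offered in a single-record TLS ClientHello."""
    if len(record) < 5:
        raise ValueError("short record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 4:
        raise ValueError("not a complete handshake record")
    hlen = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hlen]
    if body[0] != 1 or len(hello) != hlen:
        raise ValueError("not a complete ClientHello")
    pos = 2 + 32                          # skip client_version and random
    if len(hello) < pos + 1:
        raise ValueError("truncated before session_id")
    pos += 1 + hello[pos]                 # skip session_id (1-byte length prefix)
    if len(hello) < pos + 2:
        raise ValueError("truncated before cipher_suites")
    n = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + n]
    if n % 2 or len(raw) != n:
        raise ValueError("bad cipher_suites length")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, n, 2)]

def flag_nss_fips(record):
    """List (hex id, name) for offered suites that match the NSS FIPS defines."""
    return [(f"0x{s:04X}", NSS_FIPS_SUITES[s])
            for s in client_hello_suites(record) if s in NSS_FIPS_SUITES]

def build_sample():
    """Constructed ClientHello record: zeroed random, empty session_id."""
    suites = [0xC02F, 0x002F, 0xFEFF, 0x000A]   # constructed offer list
    hello = (b"\x03\x01" + bytes(32) + b"\x00"
             + struct.pack("!H", 2 * len(suites))
             + b"".join(struct.pack("!H", s) for s in suites)
             + b"\x01\x00")                     # one compression method: null
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    print(flag_nss_fips(build_sample()))
```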