On Sat, Dec 14, 2013 at 3:51 PM, Kurt Roeckx <k...@roeckx.be> wrote: > On Sat, Dec 14, 2013 at 03:36:44PM -0800, Brian Smith wrote: > > > > Note that the cipher suites above were not agreed to in the previous > > discussion and were not part of my proposal linked to above. They have > been > > enabled for a long time, and I did not disable them in Firefox 27 > because I > > wanted to be conservative in avoiding potential compatibility issues, and > > because I wanted to see the measurements of the effects of the reordering > > of the cipher suites. For reference, the cipher suite list for Firefox 26 > > appears at the end of this email. > > I assume that 27 when it's released will get the list from your > other mail, and so for intsance removes all the ECDH ciphers? >
The current list for Firefox 27 beta is: C02B TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 C02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 C009 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA C013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA C00A TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA C014 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA C012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA C007 TLS_ECDHE_ECDSA_WITH_RC4_128_SHA C011 TLS_ECDHE_RSA_WITH_RC4_128_SHA 0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA 0032 TLS_DHE_DSS_WITH_AES_128_CBC_SHA 0045 TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA 0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA 0038 TLS_DHE_DSS_WITH_AES_256_CBC_SHA 0088 TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA 0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA 002F TLS_RSA_WITH_AES_128_CBC_SHA 0041 TLS_RSA_WITH_CAMELLIA_128_CBC_SHA 0035 TLS_RSA_WITH_AES_256_CBC_SHA 0084 TLS_RSA_WITH_CAMELLIA_256_CBC_SHA 000A TLS_RSA_WITH_3DES_EDE_CBC_SHA 0005 TLS_RSA_WITH_RC4_128_SHA 0004 TLS_RSA_WITH_RC4_128_MD5 Next week, the following changes will be made: 1. TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA will be disabled 2. TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA will be moved to the third spot, ahead of TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, due to https://bugzilla.mozilla.org/show_bug.cgi?id=946147. There may be more changes during Firefox 27 beta if we find more compatibility issues. It is also possible that TLS 1.2 and/or AES-GCM cipher suites could still get disabled before 27 is released, though we're trying to make sure that doesn't happen. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto