Re: Firefox cannot act as DHE server

2016-03-19 Thread ors . szabo . hu
Hi Martin,

Let me clarify: the remote node is acting as a DTLS client and sends a DTLS 
client hello with DHE_RSA. Firefox replies with a handshake failure.

What shall be done to solve this? I didn't get how the '2048-bit share' relates 
to this. You also mentioned the RTCCertificate API, for which there is no basic 
support in FF.

Thanks a lot!
Ors
___
dev-media mailing list
dev-media@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-media


Re: Firefox cannot act as DHE server

2016-03-11 Thread Martin Thomson
On Fri, Mar 11, 2016 at 7:28 PM,   wrote:
> Martin, just to double-check: by 'client' you mean WebRTC client, and not the 
> remote node which is sending the DTLS client hello towards FF, right?

Since we were talking DTLS, I mean the DTLS client.  That is usually
the WebRTC peer that generates the answer, if that helps at all (or
the one that explicitly sets a=setup:active in its offer).


Re: Firefox cannot act as DHE server

2016-03-11 Thread ors . szabo . hu
Martin, just to double-check: by 'client' you mean WebRTC client, and not the 
remote node which is sending the DTLS client hello towards FF, right?

Thanks,
Ors


Re: Firefox cannot act as DHE server

2016-03-10 Thread ors . szabo . hu
Thanks a lot Martin, will look into that!

Regards,
Ors


Re: Firefox cannot act as DHE server

2016-03-10 Thread Martin Thomson
On Fri, Mar 11, 2016 at 10:18 AM, Nils Ohlmeier  wrote:
> Have you read this hack post already?
> https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/

That posting isn't quite relevant, this is:

> TLS_DHE_***RSA***_...

Firefox won't act as server for RSA-based cipher suites without the
certificate management API.

That's here:

https://developer.mozilla.org/fi/docs/Web/API/RTCCertificate

It's perfectly happy to be a client, because the cipher suite doesn't
constrain the certificate that a client can use.
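Added example, not part of the thread and not Firefox or NSS code: a simplified model of the point in Martin Thomson's reply above, that a cipher suite's authentication algorithm constrains which certificate the DTLS server can use. It assumes the answering server holds only an ECDSA key unless an RSA certificate is supplied (the thread does not state the key type); the 0xC0xx suite ids, the client-order selection and all function names are illustrative.

```python
import struct

# Suite id -> (name, certificate key type the *server* must hold).
# 0x0033 and 0x0039 are the suites quoted in the thread; the 0xC0xx
# entries are standard IANA ids added here for contrast.
SUITES = {
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0xC009: ("TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", "ECDSA"),
    0xC00A: ("TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", "ECDSA"),
}

class HandshakeFailure(Exception):
    """Models the fatal handshake_failure alert: no usable suite."""

def parse_cipher_suites(field):
    """Decode a ClientHello cipher_suites vector: uint16 length, then uint16 ids."""
    if len(field) < 2:
        raise ValueError("truncated cipher_suites length")
    (length,) = struct.unpack("!H", field[:2])
    body = field[2:]
    if length != len(body) or length % 2:
        raise ValueError("bad cipher_suites length")
    return [suite for (suite,) in struct.iter_unpack("!H", body)]

def select_suite(offered, server_cert_key):
    """Return the first offered suite whose authentication matches the server key."""
    for suite_id in offered:
        name, auth = SUITES.get(suite_id, (None, None))
        if auth == server_cert_key:
            return name
    raise HandshakeFailure(
        f"no offered suite usable with a {server_cert_key} certificate")

# Constructed sample: only the two DHE_RSA suites from the original report.
REPORTED_OFFER = bytes.fromhex("0004" "0033" "0039")
# Constructed sample: the same offer plus one ECDSA-authenticated suite.
WIDER_OFFER = bytes.fromhex("0006" "0033" "0039" "c009")

if __name__ == "__main__":
    for key in ("ECDSA", "RSA"):  # assumed server key types
        try:
            print(key, "->", select_suite(parse_cipher_suites(REPORTED_OFFER), key))
        except HandshakeFailure as exc:
            print(key, "-> handshake_failure:", exc)
```

The client side never hits this check, which matches the reply's remark that the suite does not constrain the certificate a client can use.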


Re: Firefox cannot act as DHE server

2016-03-10 Thread Nils Ohlmeier
Hi Ors,

> On Mar 10, 2016, at 09:12, ors.szabo...@gmail.com wrote:
> I'm getting DTLS handshake failure basically with all FF versions (even with 
> latest nightly build) for a DTLS client hello with the following cipher 
> suites:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
> 
> Is this a known fault in FF?

Have you read this hack post already?
https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/

Best regards
  Nils Ohlmeier




Firefox cannot act as DHE server

2016-03-10 Thread ors . szabo . hu
Hello,

I'm getting DTLS handshake failure basically with all FF versions (even with 
latest nightly build) for a DTLS client hello with the following cipher suites:
TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) 
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Is this a known fault in FF?

Regards,
Ors