Re: Firefox cannot act as DHE server
Hi Martin,

Let me clarify: remote node is acting as DTLS client and sends DTLS client hello with DHE_RSA. Firefox replies with handshake failure. What shall be done to solve this?

I didn't get how the '2048-bit share' relates to this.

You also mentioned the RTCCertificate API, for which there is no basic support in FF.

Thanks a lot!
Ors

___
dev-media mailing list
dev-media@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-media
Re: Firefox cannot act as DHE server
On Fri, Mar 11, 2016 at 7:28 PM, wrote:
> Martin, just to double-check: by 'client' you mean WebRTC client, and not the
> remote node which is sending the DTLS client hello towards FF, right?

Since we were talking DTLS, I mean the DTLS client. That is usually the WebRTC peer that generates the answer, if that helps at all (or the one that explicitly sets a=setup:active in its offer).
Re: Firefox cannot act as DHE server
Martin, just to double-check: by 'client' you mean WebRTC client, and not the remote node which is sending the DTLS client hello towards FF, right?

Thanks,
Ors
Re: Firefox cannot act as DHE server
Thanks a lot Martin, will look into that!

Regards,
Ors
Re: Firefox cannot act as DHE server
On Fri, Mar 11, 2016 at 10:18 AM, Nils Ohlmeier wrote:
> Have you read this hack post already?
> https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/

That posting isn't quite relevant, this is:

> TLS_DHE_***RSA***_...

Firefox won't act as server for RSA-based cipher suites without the certificate management API. That's here: https://developer.mozilla.org/fi/docs/Web/API/RTCCertificate

It's perfectly happy to be a client, because the cipher suite doesn't constrain the certificate that a client can use.
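The check described in the message above, as an added example that is not part of the original thread: it parses the cipher suite list out of a DTLS ClientHello and reports which offered suites a server can negotiate given the key type of its certificate. The sample datagram is constructed, the two ECDHE table entries are added for contrast, and the certificate key type is an input supplied by the caller, not something read from Firefox.

```python
import struct

# IANA cipher suite IDs -> (name, key type the server certificate must have).
# 0x0033 and 0x0039 are the suites from the thread; the other two are added for contrast.
SUITES = {
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "RSA"),
    0xC02B: ("TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", "ECDSA"),
}

def client_hello_suites(datagram):
    """Return the cipher suite IDs offered in an unfragmented DTLS ClientHello."""
    try:
        if datagram[0] != 22 or datagram[13] != 1:   # handshake record, client_hello
            raise ValueError("not a DTLS ClientHello")
        hs = datagram[13:13 + struct.unpack_from("!H", datagram, 11)[0]]
        body_len = int.from_bytes(hs[1:4], "big")
        if int.from_bytes(hs[6:9], "big") or int.from_bytes(hs[9:12], "big") != body_len:
            raise ValueError("fragmented handshake message")
        body = hs[12:12 + body_len]
        pos = 2 + 32                 # client_version + random
        pos += 1 + body[pos]         # session_id
        pos += 1 + body[pos]         # cookie (DTLS only)
        n = struct.unpack_from("!H", body, pos)[0]
        if n % 2 or pos + 2 + n > len(body):
            raise ValueError("bad cipher_suites length")
        return [s for (s,) in struct.iter_unpack("!H", body[pos + 2:pos + 2 + n])]
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated ClientHello") from exc

def usable_suites(datagram, server_cert_key):
    """Names of offered suites a server with this certificate key type can negotiate."""
    return [SUITES[s][0] for s in client_hello_suites(datagram)
            if s in SUITES and SUITES[s][1] == server_cert_key]

def build_sample(suites):
    """Constructed ClientHello: DTLS 1.0, empty session_id and cookie, no extensions."""
    body = b"\xfe\xff" + bytes(32) + b"\x00\x00" + struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    n = len(body).to_bytes(3, "big")
    hs = b"\x01" + n + b"\x00\x00" + b"\x00\x00\x00" + n + body
    return b"\x16\xfe\xff" + bytes(8) + struct.pack("!H", len(hs)) + hs

SAMPLE = build_sample([0x0033, 0x0039])   # the offer reported in the thread

if __name__ == "__main__":
    for key in ("RSA", "ECDSA"):          # "ECDSA" is an assumed server key type
        print(key, usable_suites(SAMPLE, key) or "no common suite")
```

An empty result for the server's key type means there is no suite the server can select, which is the condition under which a TLS or DTLS server answers with a handshake failure alert.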
Re: Firefox cannot act as DHE server
Hi Ors,

> On Mar 10, 2016, at 09:12, ors.szabo...@gmail.com wrote:
> I'm getting DTLS handshake failure basically with all FF versions (even with
> latest nightly build) for a DTLS client hello with the following cipher
> suites:
> TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
> TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)
>
> Is this a known fault in FF?

Have you read this hack post already?
https://hacks.mozilla.org/2015/02/webrtc-requires-perfect-forward-secrecy-pfs-starting-in-firefox-38/

Best regards
Nils Ohlmeier
Firefox cannot act as DHE server
Hello,

I'm getting DTLS handshake failure basically with all FF versions (even with latest nightly build) for a DTLS client hello with the following cipher suites:

TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033)
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039)

Is this a known fault in FF?

Regards,
Ors