Re: Intent to remove DHE ciphers from WebRTC DTLS handshake

2018-08-31 Thread Nicholas Alexander
On Thu, Aug 30, 2018 at 2:15 PM, Nicholas Alexander 
wrote:

>
>
> On Wed, Aug 29, 2018 at 3:56 PM, Nils Ohlmeier 
> wrote:
>
>> Summary:
>>
>> We are looking at removing the DHE cipher suites from the DTLS handshake
>> in Firefox soon.
>>
>> Ciphers:
>> - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
>> - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
>> are the two suites which we want to remove, because they are considered
>> too weak.
>>
>
> Are these suites considered "too weak" across the board?  For historical
> reasons Firefox for Android will handshake to Firefox Sync servers using
> these suites: https://searchfox.org/mozilla-central/rev/05d91d3e02a0780f44599371005591d7988e2809/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java#73.
> Sounds like we should drop those suites there too -- can you confirm?
>

After a little (off-list) discussion, I've filed
https://bugzilla.mozilla.org/show_bug.cgi?id=1487842 tracking dropping
these.

Thanks, Nils (and others)!
Nick
___
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform


Re: Intent to remove DHE ciphers from WebRTC DTLS handshake

2018-08-30 Thread Nicholas Alexander
On Wed, Aug 29, 2018 at 3:56 PM, Nils Ohlmeier 
wrote:

> Summary:
>
> We are looking at removing the DHE cipher suites from the DTLS handshake
> in Firefox soon.
>
> Ciphers:
> - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> are the two suites which we want to remove, because they are considered
> too weak.
>

Are these suites considered "too weak" across the board?  For historical
reasons Firefox for Android will handshake to Firefox Sync servers using
these suites:
https://searchfox.org/mozilla-central/rev/05d91d3e02a0780f44599371005591d7988e2809/mobile/android/services/src/main/java/org/mozilla/gecko/background/common/GlobalConstants.java#73.
Sounds like we should drop those suites there too -- can you confirm?

Nick