Re: set default on for SHA2 for TLS1.1+ on firefox
Hi. TLS1.2 with SHA256 can be enabled manually.(default disabled) advanced users have to to as following about:config at address bar == agree using advanced feature == set value of security.tls version.max to 3 see the link https://support.mozilla.org/en-US/questions/959936 On Tue, Oct 8, 2013 at 4:50 AM, Wan-Teh Chang w...@google.com wrote: On Mon, Oct 7, 2013 at 12:02 PM, Brian Smith br...@briansmith.org wrote: If you are referring to something other than the TLS_*_SHA256 cipher suites, please be more specific as to what you are referring to. Brian, If you can enable TLS 1.2 by default in Firefox, that should make Mountie happy. Besides the HMAC-SHA256 cipher suites, the AES-GCM cipher suites also make it possible to do TLS without using SHA-1 at all. TLS 1.1 still contains hardcoded use of MD5 and SHA1 in the protocol. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : moun...@paygate.net === PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: set default on for SHA2 for TLS1.1+ on firefox
On Wed, Oct 2, 2013 at 2:28 AM, Mountie Lee moun...@paygate.net wrote: Hi. currently SHA2 hash algorithm is used in TLS1.1 and 1.2 mozilla firefox is supporting it now. Hi, Are you referring to the TLS_*_SHA256 cipher suites, or something else? I believe that we support SHA256-based signatures everywhere already. If you are referring to the TLS_*_SHA256 cipher suites, then the current plan is to never enable them in Firefox. It seems Chrome has decided on something similar, as they disabled those cipher suites after they added AES-GCM support. If you are referring to something other than the TLS_*_SHA256 cipher suites, please be more specific as to what you are referring to. Cheers, Brian -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: set default on for SHA2 for TLS1.1+ on firefox
On Mon, Oct 7, 2013 at 12:02 PM, Brian Smith br...@briansmith.org wrote: If you are referring to something other than the TLS_*_SHA256 cipher suites, please be more specific as to what you are referring to. Brian, If you can enable TLS 1.2 by default in Firefox, that should make Mountie happy. Besides the HMAC-SHA256 cipher suites, the AES-GCM cipher suites also make it possible to do TLS without using SHA-1 at all. TLS 1.1 still contains hardcoded use of MD5 and SHA1 in the protocol. Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
set default on for SHA2 for TLS1.1+ on firefox
Hi. currently SHA2 hash algorithm is used in TLS1.1 and 1.2 mozilla firefox is supporting it now. but the feature is set default off in latest firefox browser. can we set default ON for better security? Chrome is already enabled by default IE is trying to set default on from version 11 Opera is already set default on Mobile Safari is already set default on Mac Safari is plan to set default on after version 7 any other reason disabled by default for TLS 1.1 (which need SHA2)? regards mountie. -- Mountie Lee PayGate CTO, CISSP Tel : +82 2 2140 2700 E-Mail : moun...@paygate.net === PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto