On Mon, Jul 25, 2016 at 7:23 PM Viktor Dukhovni wrote:
> On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote:
>
> > I'm not sure how this process usually works, but I would like to reserve a
> > bunch of values in the TLS registries as part of an idea to
On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote:
> I'm not sure how this process usually works, but I would like to reserve a
> bunch of values in the TLS registries as part of an idea to keep our
> extension points working. Here's an I-D:
>
>
On Mon, Jul 25, 2016 at 6:32 PM David Benjamin wrote:
> Hi folks,
>
> I'm not sure how this process usually works, but I would like to reserve a
> bunch of values in the TLS registries as part of an idea to keep our
> extension points working. Here's an I-D:
>
If I remember/understand correctly, the cloudflare patch for chacha/poly
would (when server preference is in use) only attempt to use it when it
appeared first in the client's preference list, and would ignore it
elsewhere. This could potentially lead to negotiation failures if,
e.g., the server
On Mon, Jul 25, 2016 at 04:36:27PM -0400, Viktor Dukhovni wrote:
>
> > On Jul 25, 2016, at 3:08 PM, Martin Rex wrote:
> >
> > specifically, after the FF update, this new TLS ciphersuite:
> >
> > security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (0xcc, 0xa9)
> >
> > was the only
> On Jul 25, 2016, at 3:08 PM, Martin Rex wrote:
>
> specifically, after the FF update, this new TLS ciphersuite:
>
> security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (0xcc, 0xa9)
>
> was the only ECDSA cipher suite enabled in my Firefox 47.0.1, and this
> kills connectivity (TLS
> On Jul 25, 2016, at 3:08 PM, Martin Rex wrote:
>
> https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg
FWIW, OpenSSL interoperates with this server:
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4169 bytes
On Mon, Jul 25, 2016 at 09:08:49PM +0200, Martin Rex wrote:
> I've just run into a weird interoperability problem with an (alleged)
> cloudflare/nginx TLS server and my personal Firefox settings.
>
> https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg
>
>
> Traditionally I
I've just run into a weird interoperability problem with an (alleged)
cloudflare/nginx TLS server and my personal Firefox settings.
https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg
Traditionally I have all TLS ciphersuites with ECDSA disabled through
about:config, but