Correction-- I'm sorry, I mistyped the firefox config, this should have said the chacha20_poly1305 (0xcc 0xa9) cipher suite was the only one enabled.
Martin Rex wrote: > I've just run into a weird interoperability problem with an (alleged) > cloudflare/nginx TLS server and my personal Firefox settings. > > https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg > > > Traditionally I have all TLS ciphersuites with ECDSA disabled through > about:config, but it seems that recently two new TLS ciphersuites were > added to FF, which caused complete loss of interop with regmedia.co.uk > for me with my existing configuration. (Loss of pictures&media on the > www.theregister.co.uk news site). > > specifically, after the FF update, this new TLS ciphersuite: > > security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (0xcc, 0xa9) security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256 (0xcc, 0xa9) > was the only ECDSA cipher suite enabled in my Firefox 47.0.1, and this > kills connectivity (TLS handshake_failure alert) with regmedia.co.uk. > > It looks like a bug in the cloudflare/nginx cipher suites selection > algorithm, which appears to blindly go for ECDSA, even though there is > no actual ECDSA cipher suite available which the server supports. > > > -Martin _______________________________________________ TLS mailing list [email protected] https://www.ietf.org/mailman/listinfo/tls
