Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Hierdie gesprek is gesluit en in die argief. Vra asseblief 'n nuwe vraag as jy hulp nodig het.

Bad Firefox implementation of SSL/TLS (error: ssl_error_no_cypher_overlap, RC4 and 3DES are turned OFF)

  • 1 antwoord
  • 1 het hierdie probleem
  • 9 views
  • Laaste antwoord deur cor-el

rasj
rasj
more options

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it.

Why? I think this is the BAD implementation of SSL/TLS or a BUG!

And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox!


Firefox cipher suits:

TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)


Opera cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)


IE cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it. Why? I think this is the BAD implementation of SSL/TLS or a BUG! And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox! Firefox cipher suits: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Opera cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) IE cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

Gewysig op deur rasj

All Replies (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

I think that it is best to keep the discussion in one thread, so I locking the other two that you created.

Please continue here: [/questions/976999]