X
Tap here to go to the mobile version of the site.

منتدى الدعم

TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DHE-RSA-AES256-GCM-SHA384) and TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 not work with Firefox 50.0

Posted

Hello, First, thanks for Firefox and all you work ! Ciphers TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DHE-RSA-AES256-GCM-SHA384) and TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (DHE-RSA-AES256-SHA256) not work with Firefox 50.0 and Firefox 53 Nithly. But they are in the wiki : https://wiki.mozilla.org/Security/Server_Side_TLS in "Intermediate compatibility (default)" Are they supported ? Thanks a lot. David

Hello, First, thanks for Firefox and all you work ! Ciphers TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 (DHE-RSA-AES256-GCM-SHA384) and TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (DHE-RSA-AES256-SHA256) not work with Firefox 50.0 and Firefox 53 Nithly. But they are in the wiki : https://wiki.mozilla.org/Security/Server_Side_TLS in "Intermediate compatibility (default)" Are they supported ? Thanks a lot. David

Additional System Details

Installed Plug-ins

  • NPRuntime Script Plug-in Library for Java(TM) Deploy
  • DRM Store Netscape Plugin
  • DRM Netscape Network Object
  • Shockwave Flash 23.0 r0
  • VLC media player Web Plugin
  • Npdsplay dll

Application

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:35.0) Gecko/20100101 Firefox/35.0

More Information

John99 971 solutions 13138 answers

This is not something I understand & would need to research further, so if this reply does not help you get an answer by bumping the post I suggest you try in another Mozilla forum

If the subject is not on topic there hopefully they will be able to say where you can get an answer.

This is not something I understand & would need to research further, so if this reply does not help you get an answer by bumping the post I suggest you try in another Mozilla forum * [https://www.mozilla.org/about/forums/ Forums] -> [https://www.mozilla.org/en-US/about/forums/#dev-security mozilla.dev.security] -> '''[https://groups.google.com/forum/#!forum/mozilla.dev.security Here]''' If the subject is not on topic there hopefully they will be able to say where you can get an answer.
cor-el
  • Top 10 Contributor
  • Moderator
17591 solutions 159130 answers

Note that your System Details list shows an old Firefox 35 version.

  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:35.0) Gecko/20100101 Firefox/35.0

You can see the supported ciphers as security.ssl3.* prefs on the about:config page.

Note that your System Details list shows an old Firefox 35 version. *User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:35.0) Gecko/20100101 Firefox/35.0 You can see the supported ciphers as security.ssl3.* prefs on the <b>about:config</b> page.

Question owner

cor-el a écrit

Note that your System Details list shows an old Firefox 35 version.
  • User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:35.0) Gecko/20100101 Firefox/35.0
You can see the supported ciphers as security.ssl3.* prefs on the about:config page.

Hello ! Thanks for your reply. My useragent is fixed by an extention, so the version is false. I'm on firefox 50, my about:config juste have : security.ssl3.dhe_rsa_aes_128_sha : yes security.ssl3.dhe_rsa_aes_256_sha : yes not SHA384 or SHA256

Do you have it on you firefox version ?

Thanks a lot

Thanks John99, I will see it.

Have a good day

''cor-el [[#answer-945326|a écrit]]'' <blockquote> Note that your System Details list shows an old Firefox 35 version. *User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:35.0) Gecko/20100101 Firefox/35.0 You can see the supported ciphers as security.ssl3.* prefs on the <b>about:config</b> page. </blockquote> Hello ! Thanks for your reply. My useragent is fixed by an extention, so the version is false. I'm on firefox 50, my about:config juste have : security.ssl3.dhe_rsa_aes_128_sha : yes security.ssl3.dhe_rsa_aes_256_sha : yes not SHA384 or SHA256 Do you have it on you firefox version ? Thanks a lot Thanks John99, I will see it. Have a good day
cor-el
  • Top 10 Contributor
  • Moderator
17591 solutions 159130 answers

You need to set prefs that that are involved with the Logjam vulnerability to false to disable cipher suites in case they are currently enabled (true).

  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha

These shouldn't be enabled.

You need to set prefs that that are involved with the Logjam vulnerability to false to disable cipher suites in case they are currently enabled (true). *security.ssl3.dhe_rsa_aes_128_sha *security.ssl3.dhe_rsa_aes_256_sha These shouldn't be enabled.

Question owner

cor-el a écrit

You need to set prefs that that are involved with the Logjam vulnerability to false to disable cipher suites in case they are currently enabled (true).
  • security.ssl3.dhe_rsa_aes_128_sha
  • security.ssl3.dhe_rsa_aes_256_sha
These shouldn't be enabled.

Thanks for your reply but my question is can we use (regardles of this security problem) TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_256_CBC_SHA256.

My servers are not vulnerable to Logjam and I want to use this. But it seam that firefox not support it. Do you have information on this point ?

What is you recommandation ? The use of ecdhe_rsa_aes_256_gcm_sha384 ?

Thanks

''cor-el [[#answer-952522|a écrit]]'' <blockquote> You need to set prefs that that are involved with the Logjam vulnerability to false to disable cipher suites in case they are currently enabled (true). *security.ssl3.dhe_rsa_aes_128_sha *security.ssl3.dhe_rsa_aes_256_sha These shouldn't be enabled. </blockquote> Thanks for your reply but my question is can we use (regardles of this security problem) TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 and TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. My servers are not vulnerable to Logjam and I want to use this. But it seam that firefox not support it. Do you have information on this point ? What is you recommandation ? The use of ecdhe_rsa_aes_256_gcm_sha384 ? Thanks