Is TLS 1.2 support in FF 27 (Bug 861266) NIST 800-131a compliant?
To support NIST 800-131a compliance, the browser would need to send a client hello with the Hash and Signature Algorithm extension that allows the server to select an algorithm with 112 bit security strength (e.g. something other than SHA-1).
If not, this is a bug that should be opened. NIST 800-131a compliance is required by NIST now (i.e. as of 2014). Not having the ability to comply with NIST 800-131a would make it problematic to use Firefox in many environments now, and more in the future.
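The check the question describes can be run against a captured ClientHello. The following is an added example, not part of the original post and not Firefox or NSS code: it parses the signature_algorithms extension defined in RFC 5246, section 7.4.1.4.1, and reports whether the offer lets the server choose a hash other than SHA-1. The function names, the `sample_hello` builder and its bytes are constructed for illustration, and treating the SHA-2 family as the acceptable set is an assumption taken from the question's wording.

```python
import struct

# Code points from RFC 5246, section 7.4.1.4.1
HASHES = {0: "none", 1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIGS = {0: "anonymous", 1: "rsa", 2: "dsa", 3: "ecdsa"}
STRONG = {"sha224", "sha256", "sha384", "sha512"}   # assumption: SHA-2 family only
SIG_ALGS_EXT = 13                                   # signature_algorithms extension type

def offered_signature_algorithms(hello):
    """Parse a ClientHello body (handshake header stripped); None if extension absent."""
    pos = 2 + 32                                    # client_version + random
    pos += 1 + hello[pos]                           # session_id
    pos += 2 + struct.unpack_from("!H", hello, pos)[0]   # cipher_suites
    pos += 1 + hello[pos]                           # compression_methods
    if pos == len(hello):
        return None                                 # no extensions block at all
    end = pos + 2 + struct.unpack_from("!H", hello, pos)[0]
    pos += 2
    if end > len(hello):
        raise ValueError("truncated extensions block")
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack_from("!HH", hello, pos)
        pos += 4
        if ext_type == SIG_ALGS_EXT:
            list_len = struct.unpack_from("!H", hello, pos)[0]
            if list_len % 2 or list_len + 2 != ext_len or pos + ext_len > end:
                raise ValueError("malformed signature_algorithms extension")
            body = hello[pos + 2:pos + ext_len]
            return [(HASHES.get(body[i], body[i]), SIGS.get(body[i + 1], body[i + 1]))
                    for i in range(0, list_len, 2)]
        pos += ext_len                              # skip unrelated extensions
    return None

def server_can_avoid_sha1(hello):
    """True if the offer lets the server pick a SHA-2 hash for its signature."""
    # Without the extension, RFC 5246 has the server assume SHA-1 defaults.
    offered = offered_signature_algorithms(hello) or []
    return any(h in STRONG for h, _ in offered)

def sample_hello(pairs=None):
    """Constructed ClientHello body; pairs is [(hash_id, sig_id), ...] or None."""
    exts = struct.pack("!HHB", 0xFF01, 1, 0)        # renegotiation_info, skipped by parser
    if pairs is not None:
        algs = bytes(b for pair in pairs for b in pair)
        exts += struct.pack("!HHH", SIG_ALGS_EXT, len(algs) + 2, len(algs)) + algs
    return (b"\x03\x03" + bytes(32) + b"\x00"       # TLS 1.2, zero random, empty session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"     # one cipher suite, null compression
            + struct.pack("!H", len(exts)) + exts)
```

To use it on real traffic, pass the ClientHello body from a packet capture with the 4-byte handshake header removed.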
Hello ric982, since your question is rather specialised you might get a better reply posting it directly to the mozilla.dev.tech.crypto newsgroup.
Per that bug report the target version is Firefox 28.
See also Bug 480514 - Implement TLS 1.2 (RFC 5246)
Chosen solution
Hello ric982, since your question is rather specialised you might get a better reply posting it directly to the mozilla.dev.tech.crypto newsgroup.
Thanks Philipp. I'm in communication with that team now. The answer is not as simple as yes or no.
You usually disable ciphers that you do not want to use by toggling the related prefs to false on the about:config page.
That is also the way to make Firefox FIPS compliant.
This is an old and outdated KB article: