Need support for TLS 1.2
SSL 2.0 was broken in 1997, SSL3.0 was broken in 1998,TLS 1.0 is broken because it relies in SHA1, MD5 which are both broken in 2004.
We need support for TLS 1.2. The new fed Identify effort http://www.whitehouse.gov/blog/2010/06/25/national-strategy-trusted-identities-cyberspace will require not just trusted identity but trusted transport.
Détails additionnels sur le système
- Agent utilisateur : Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:18.104.22.168) Gecko/20100622 Fedora/3.6.4-1.fc13 Firefox/3.6.4
This should be taken under sincere consideration.
Yeah. the best Firefox 3.6.12 can do is TLS 1.0, and I'd really prefer to use TLS 1.2.
Mozilla need to take the TLS security issue very serious, or they will risk loosing their customer to Opera and IE etc. Today TLS 1.0 is easily broken (see: here ) Possibly by at least removing all CBC ciphers from your list of allowed ciphers.
Fortines VPN stopped supporting 1.0 so I had to start using IE. Sad days.