Avatar for Username

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Dúnadh an snáithe seo agus cuireadh sa chartlann é. Cuir ceist nua má tá cabhair uait.

Bad Firefox implementation of SSL/TLS (error: ssl_error_no_cypher_overlap, RC4 and 3DES are turned OFF)

  • 1 freagra
  • 1 leis an bhfadhb seo
  • 5 views
  • Freagra is déanaí ó cor-el

rasj
rasj
more options

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it.

Why? I think this is the BAD implementation of SSL/TLS or a BUG!

And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox!


Firefox cipher suits:

TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)


Opera cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)


IE cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it. Why? I think this is the BAD implementation of SSL/TLS or a BUG! And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox! Firefox cipher suits: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Opera cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) IE cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

Athraithe ag rasj ar

All Replies (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

I think that it is best to keep the discussion in one thread, so I locking the other two that you created.

Please continue here: [/questions/976999]