Can anyone enlighten me on this? I do not want to complain about anything i just try to understand what and why is this happening. (I have nothing better to do today,sorr… (tuilleadh eolais)
Can anyone enlighten me on this? I do not want to complain about anything i just try to understand what and why is this happening. (I have nothing better to do today,sorry.)
Under the "green lock" -pictures- the ciphers (i think) are TLS1.0 (ex.:ECDHE-RSA-AES128-SHA) based on these software's lists:
So i tried to disable these ciphers (AES128&256CBC-SHA1) on the "about:config" page and leave AESGCM&CHACHA20 ciphers. Then comes the warning: "SSL_ERROR_NO_CYPHER_OVERLAP" , on sites which normally support AESGCM suites.
There are some "missing" (mostly AESCBC-SHA256/SHA384) options from the config page (just for me?), does Firefox support them?:
- ECDHE-RSA-AES128(CBC)-SHA256 -The banking site supports this, tested on https://observatory.mozilla.org & https://www.ssllabs.com (but not available by me, must use CBC-SHA1 instead)
Also https://www.gog.com supports:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-Firefox supports those too but i can't use them. If RSA-AES128-SHA and RSA-AES256-SHA are disabled the page won't load but it should because of AESGCM is supported on both side.
Why does Firefox switch back to CBC-SHA1 ciphers in these sites? Is it a server-side fault or Firefox "needs help" with this?
- Are there any addons or settings that could force the cipher-order?
- On Mozilla's Support site (here) everything is fine "i can play" between CBC and GCM (-picture-).
Any help,recommendation,explanation or suggestion appreciated.