Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Nakatona sy natao arisiva ity resaka mitohy ity. Mametraha fanontaniana azafady raha mila fanampiana.

Bad Firefox implementation of SSL/TLS (error: ssl_error_no_cypher_overlap, RC4 and 3DES are turned OFF)

  • 1 valiny
  • 1 manana an'ity olana ity
  • 9 views
  • Valiny farany nomen'i cor-el

more options

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it.

Why? I think this is the BAD implementation of SSL/TLS or a BUG!

And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox!


Firefox cipher suits:

TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)


Opera cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)


IE cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it. Why? I think this is the BAD implementation of SSL/TLS or a BUG! And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox! Firefox cipher suits: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Opera cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) IE cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

Novain'i rasj t@

All Replies (1)

more options

I think that it is best to keep the discussion in one thread, so I locking the other two that you created.

Please continue here: [/questions/976999]