Changes between Version 2 and Version 3 of Ticket #8061, comment 3


Timestamp:
07/10/14 17:36:49 (5 years ago)
Author:
belmyst
  • Ticket #8061, comment 3

    v2 v3  
    2323TLS_RSA_WITH_RC4_128_MD5        RSA     ARCFOUR-128     MD5
    2424}}}
    25 (To decide, I used [https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy] and [https://github.com/cloudflare/sslconfig/blob/master/conf] as guides.
     25(To decide, I used
     26* [https://community.qualys.com/blogs/securitylabs/2013/08/05/configuring-apache-nginx-and-openssl-for-forward-secrecy]
     27* [https://github.com/cloudflare/sslconfig/blob/master/conf]
     28* [http://safecurves.cr.yp.to/]
     29* [https://blog.thijsalkema.de/me/blog//blog/2013/09/02/the-state-of-tls-on-xmpp-3/ ]
     30as guides.
    2631I've also excluded elliptic curves not used by eg. Google Chrome and Firefox.)
    2732
    28 As a result, my priority string ended up being {{{+PFS:+NORMAL:!3DES-CBC:!DHE-DSS:!CURVE-SECP192R1:!CURVE-SECP224R1:!MD5:%SSL3_RECORD_VERSION}}}.
     33As a result, my priority string ended up being {{{+PFS:!3DES-CBC:!DHE-DSS:!CURVE-SECP192R1:!CURVE-SECP224R1:!MD5:+RSA:%SSL3_RECORD_VERSION}}}.
    2934
    3035Regarding NSS, I've made a patch including roughly the same ciphersuites, and including the changes proposed for #15909.
    3136
    3237It's my first patch here, so all and every comment is more than welcome :)
     38
     39EDIT: A previous version of this patch used the "NORMAL" priority component, meaning that RSA ciphersuites appeared before DHE-RSA. This was fixed by manually adding the RSA key exchange.
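
Review bot: in the rewritten priority string (v3 line 33), `+RSA` is now appended after the `!` exclusions and `+NORMAL` is gone, and the EDIT paragraph relies on that placement to keep RSA suites from appearing before DHE-RSA. Because the outcome depends on component order, consider pasting the suite list this exact string produces, so readers can confirm the ordering and that no 3DES-CBC, DHE-DSS or MD5 suite is present. Separately, the fourth guide link added at v3 line 29 has a doubled `/blog//blog/` path segment and a stray space before the closing `]`.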