Bugzilla

Can we revisit this? Just today I couldn't get to https://unicode.org because there was no cipher overlap with Firefox (I have disabled TLS pre-1.2, and additionally all CBC ciphers), and I was a bit confused, only to learn that there's no support for AES in GCM mode with DHE key exchange.

https://www.ssllabs.com/ssltest/analyze.html?d=unicode.org

The only future-proof secure configuration there is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 / TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, which Firefox refuses to support for some reason. NSS already has all the primitives required, and even if you don't want to bother with _all_ the new suits, at least consider GCM variants.

Sure, I can re-enable CBC ciphers, but why do you force users to use less secure solutions?