User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0 Build ID: 2014101000 Steps to reproduce: from the naming of the config parameter "security.ssl3.rsa_rc4_128_sha" i took the liberty to interpret this parameter (and the other ssl3 parameter) would only affect ssl3. however setting the security.ssl3.rsa_rc4_* parameters to false results in connections not being encrypted by rsa_rc4 even with tls1.x. so either this is a bug or the naming is unfortunate. a server negotiating rsa_rc4 per default for example is https://www.suse.com/.
based on a comment from our encryption developer that U can not find at the moment I'm pretty sure that "or the naming is unfortunate" is the right answer
Component: Untriaged → Security: PSM
Product: Firefox → Core
There is one set of cipher prefs under security.ssl3.* that affect all SSL/TLS connections. Someone should probably get around to renaming all of the SSL -> TLS in these sorts of area now that SSL3 is disabled by default, but it's a long standing naming convention (though, a bad one).
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.