setting security.ssl3.rsa_rc4_128_sha affects tls1.x

RESOLVED INVALID


People

(Reporter: sebastian.kratz, Unassigned)

Tracking

33 Branch
x86_64
Linux

Description

4 years ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:33.0) Gecko/20100101 Firefox/33.0
Build ID: 2014101000

Steps to reproduce:

From the naming of the config parameter "security.ssl3.rsa_rc4_128_sha" I took the liberty to interpret that this parameter (and the other ssl3 parameters) would only affect ssl3. However, setting the security.ssl3.rsa_rc4_* parameters to false results in connections not being encrypted by rsa_rc4 even with tls1.x.

So either this is a bug or the naming is unfortunate. A server negotiating rsa_rc4 per default, for example, is https://www.suse.com/.

Comment 1

Based on a comment from our encryption developer that I cannot find at the moment, I'm pretty sure that "or the naming is unfortunate" is the right answer.
Component: Untriaged → Security: PSM
Product: Firefox → Core

Comment 2

4 years ago
There is one set of cipher prefs under security.ssl3.* that affects all SSL/TLS connections. Someone should probably get around to renaming all of the SSL -> TLS in these sorts of areas now that SSL3 is disabled by default, but it's a long-standing naming convention (though a bad one).
Status: UNCONFIRMED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → INVALID
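
An added example (not part of the bug and not Mozilla code) of the behaviour described in comment 2: it reads the text of a profile's prefs.js/user.js, lists the security.ssl3.* RC4 cipher prefs that are explicitly set, and reports the security.tls.version.min/max range, which is what actually bounds the protocol versions those cipher prefs apply to. The sample profile is constructed; apart from security.ssl3.rsa_rc4_128_sha, the pref names in it do not appear in the bug, and prefs left at their defaults are not written to these files, so they show up as unset.

```python
import re

# One line of a Firefox prefs.js / user.js file: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*([^)]+?)\s*\)\s*;', re.M)

# Meaning of the integer values of security.tls.version.min / .max
VERSIONS = {0: "SSL 3.0", 1: "TLS 1.0", 2: "TLS 1.1", 3: "TLS 1.2", 4: "TLS 1.3"}

def parse_prefs(text):
    """Return {name: raw value string}; a later line overrides an earlier one."""
    return {name: raw for name, raw in PREF_RE.findall(text)}

def rc4_audit(text):
    """Report explicitly set RC4 cipher prefs and the protocol range in force."""
    prefs = parse_prefs(text)
    rc4 = {n: v == "true" for n, v in prefs.items()
           if n.startswith("security.ssl3.") and "rc4" in n}

    def version(bound):
        raw = prefs.get("security.tls.version." + bound)
        if raw is None or not raw.isdigit():
            return None          # not set in this file: browser default applies
        return VERSIONS.get(int(raw), raw)

    return {
        "enabled": sorted(n for n, on in rc4.items() if on),
        "disabled": sorted(n for n, on in rc4.items() if not on),
        # Despite the "ssl3" in their names, the cipher prefs above apply to
        # every protocol version between these two bounds.
        "min_version": version("min"),
        "max_version": version("max"),
    }

# Constructed sample profile (not taken from a real installation).
SAMPLE = '''\
// constructed sample
user_pref("security.tls.version.min", 1);
user_pref("security.tls.version.max", 3);
user_pref("security.ssl3.rsa_rc4_128_sha", false);
user_pref("security.ssl3.rsa_rc4_128_md5", false);
user_pref("security.ssl3.ecdhe_rsa_rc4_128_sha", true);
user_pref("browser.startup.homepage", "about:blank");
'''

if __name__ == "__main__":
    for key, value in rc4_audit(SAMPLE).items():
        print(key, value)
```

In the sample, turning off only the security.ssl3.rsa_rc4_* prefs leaves one RC4 suite enabled for TLS 1.0 through TLS 1.2, which is why the audit matches on "rc4" anywhere in the pref name rather than on the rsa_rc4_ prefix.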