Closed Bug 1306085 Opened 8 years ago Closed 8 years ago

SSL_ERROR_NO_CYPHER_OVERLAP on https://01.org/

Categories

(NSS :: Libraries, defect)

defect
Not set
normal

Tracking

(firefox50 unaffected, firefox51- unaffected, firefox52 affected)

RESOLVED DUPLICATE of bug 1306003
Tracking Status
firefox50 --- unaffected
firefox51 - unaffected
firefox52 --- affected

People

(Reporter: gcp, Unassigned)

Details

Intel (maybe just?) launched https://01.org/ for some of their open source projects.

Firefox beta can connnect, so can Chrome, but Nightly cannot.
[Tracking Requested - why for this release]: Failing to load site

I'm told we somewhat purposefully removed support for the curve this site is using (P-521).  Not sure where that was tracked, so I can mark this blocking that bug.

If I believe https://www.ssllabs.com/ssltest/analyze.html?d=01.org&s=198.145.21.16 then we're negotiating TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 with the P-521 curve in release.  Chrome (and Edge) is negotiating TLS_RSA_WITH_AES_256_GCM_SHA384, but we like that one less because it doesn't provide forward secrecy.  Safari is negotiating the same thing we are....
Flags: needinfo?(rlb)
If someone can review the patch on bug 1306003, I can land it and we can all be about our day.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Flags: needinfo?(rlb)
Hi :gcp,
Can you help check if 51 aurora is affected?
Flags: needinfo?(gpascutto)
We can track this in the duplicate bug, removing tracking nom for 52.
Other bug claims Aurora is not affected.
Flags: needinfo?(gpascutto)
Un-track for 51 as 51 aurora is unaffected.
You need to log in before you can comment on or make changes to this bug.