Closed
Bug 905258
Opened 11 years ago
Closed 7 years ago
Firefox doesn't support/report "AES cipher, 256-bit key" on https://www.fortify.net/sslcheck.html
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
INVALID
People
(Reporter: iiiiikolor, Unassigned)
References
()
Details
(Keywords: privacy)
User Agent: Mozilla/5.0 (Windows NT 6.2; Win64; x64; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release) Build ID: 20130813155809 Steps to reproduce: May it isn't a bug but Why nightly mozilla not use the highest cipher only RC4 cipher 128-bit key Actual results: This website show me my mozilla use small coding during connect to website https://www.fortify.net/sslcheck.html RC4 cipher, 128-bit key why not cipher, 256-bit key Expected results: I thing Mozilla should use the highest coding https during connection although after this make problem listing to NSA .
See http://crypto.stackexchange.com/questions/853/google-is-using-rc4-but-isnt-rc4-considered-unsafe In this case, it would be better to use AES with TLS 1.1. Unfortunately, we don't support that yet. Hopefully we will soon.
If I manually enable TLS 1.2 then Firefox uses a 256bit key, so really this is "fixed", just waiting for the last issues preventing 1.1 and 1.2 being enabled by default.
|
||
Updated•11 years ago
|
Status: UNCONFIRMED → NEW
Component: Untriaged → Security
Ever confirmed: true
Product: Firefox → Core
|
||
Comment 3•11 years ago
|
||
You can also disable rc4 locally, go to about:config and search for rc4. There are few preferences, just switch them all to false. I am experimenting with that setting a long time, no problems.
I cannot discuss my knowledge not allow me talking about Encryption.But I see nightly have option to use TLS 1.2 security.tls.version.max = 3 (TLS 1.2); default is 2 (TLS 1.0) security.tls.version.min = 0 (SSL 3.0); default If I change it my Firefox use TLS 1.2 https://www.mikestoolbox.org/ I understand a lot of website not use TLS 1.2 and connection not will work . But why Team Mozilla waiting to enter for use """"TLS 1.2""""
That question when Mozilla will pass this SSL test for AES cipher, 256-bit key https://www.fortify.net/sslcheck.html
|
||
Updated•7 years ago
|
Severity: normal → major
Has Regression Range: --- → irrelevant
Has STR: --- → irrelevant
Keywords: privacy
OS: Windows 8 → All
Hardware: x86 → All
Summary: https --ssl cipher, 256-bit key → Firefox doesn't support/report "AES cipher, 256-bit key" on https://www.fortify.net/sslcheck.html
Version: 26 Branch → unspecified
Adblock Plus by Wladimir Palant doesn't works in Firefox 57 Find a Replacement ??
|
||
Comment 8•7 years ago
|
||
Not sure what this website is testing but AES 256 has been enabled for a while in Firefox.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Ok close this Bug.I only check again "Pwn2Own's" .They can use this vulnerability.
You need to log in
before you can comment on or make changes to this bug.
Description
•