Closed
Bug 925816
Opened 11 years ago
Closed 11 years ago
Firefox 25 support TLSv1.2 but not SHA-2 ciphers as MAC
Categories
(Core :: Security: PSM, defect)
Core
Security: PSM
Tracking
()
RESOLVED
INVALID
People
(Reporter: frank, Unassigned)
Details
User Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/30.0.1599.66 Safari/537.36 Steps to reproduce: Visit https://cc.dcsec.uni-hannover.de Actual results: Not SHA-2 is available in MAC, all ciphers available just use SHA1 in MAC. Expected results: Allow SHA-2 in MAC
|
||
Comment 1•11 years ago
|
||
Apologies if this is the wrong component...
Assignee: nobody → nobody
Component: Untriaged → Libraries
Product: Firefox → NSS
Version: 25 Branch → trunk
|
||
Updated•11 years ago
|
Assignee: nobody → nobody
Component: Libraries → Security: PSM
OS: Linux → All
Product: NSS → Core
Hardware: x86_64 → All
Version: trunk → Trunk
|
|
||
Comment 2•11 years ago
|
||
Thanks for your input. This is by design. See [1] and [2]. I believe that the Chromium team is also avoiding the HMAC-SHA256 cipher suites for the same reasons. We are adding AES-GCM support though; see bug 916226. [1] https://briansmith.org/browser-ciphersuites-01.html [2] https://groups.google.com/d/topic/mozilla.dev.tech.crypto/gFfKw3EOffo/discussion
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Thanks for you reply Brain, is a honer to me ;) I tested last Google Chrome and Opera browsers: both support HMAC ciphers with SHA-2. The problem with AES-GCM is that sysadmin need Apache 2.4 (I think) to deploy such ciphers, and still remain few months until majors distros come with Apache 2.4 out the box, for example, next Ubuntu LTS will include it, but still remains about six months. Don't you think a little premature pull out SHA-2 for HMAC by these days?
You need to log in
before you can comment on or make changes to this bug.
Description
•