If you think a bug might affect users in the 57 release, please set the correct tracking and status flags for Release Management.

Information about supported ciphers and preference order (about:cipher)

NEW
Unassigned

Status

()

Firefox
Security
4 years ago
3 years ago

People

(Reporter: micmon, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

4 years ago
There should be a way to get information about the supported ciphers (and preference order) of the running Firefox build. I was thinking about a simple about: page like "about:cipher" which just lists the supported cipher suits in OpenSSL format. 

Why is this information important? Right now it is very hard to find out which cipher suits a given version of Firefox is supposed to support (if there already is a way to get this information please tell me). This information is very useful when choosing cipher suits on the server side.

Comment 1

3 years ago
see also, just wondered why aes128 were preferred of aes256 ?

Some links illustrating the reasoning behind:
- http://www.mail-archive.com/dev-tech-crypto@lists.mozilla.org/msg11247.html
- https://briansmith.org/browser-ciphersuites-01.html
- https://wiki.mozilla.org/Security/Server_Side_TLS

I still would like to be able to see what order my current v35.0.1 firefox uses without going to the program sources...

see also bug 430875
You should be able to find that information by doing a client ssl check on ssllabs.com:

https://www.ssllabs.com/ssltest/viewMyClient.html

Comment 3

3 years ago
Good to have a third party providing that info!
Since I have no clue who is running that site and how reliable they are, I still prefer *my* browser-client of choice to convey that info directly to me. 
Anyway, ssllabs appears to be "good" for now and it hints at TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 currently being the favourite with firefox and chrome (https://code.google.com/p/chromium/issues/detail?id=442572 and https://code.google.com/p/chromium/issues/detail?id=58833)

Microsoft on the contrary prefers AES256 since april 2014 as per https://support.microsoft.com/kb/2929781
Since there are multiple other trustworthy third-parties providing that information [1][2], I really don't think it's necessary to have a dedicated about:ciphers page for that. Btw i.a. Qualys is the security company that found the 14y/o GHOST vulnerability that is currently keeping the internet on fire[3].

[1] https://www.howsmyssl.com/
[2] https://cc.dcsec.uni-hannover.de/
[3] https://www.istheinternetonfire.com/

Comment 5

3 years ago
see also Bug 1126830

Comment 6

3 years ago
You can see the enabled ciphers by searching for "ssl3" in "about:config" as per  attachment 8556893 [details] - just the apparently often server-ignored preference order is not visible with that.
You need to log in before you can comment on or make changes to this bug.