We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Funkcionalnosć toś togo sedła se pśez wótwardowańske źěła wobgranicujo, kótarež maju wašo dožywjenje pólěpšyś. Jolic nastawk waš problem njerozwězujo a cośo pšašanje stajiś, wobrośćo se na našo zgromoźeństwo pomocy, kótarež na to caka, wam na @FirefoxSupport na Twitter a /r/firefox na Reddit pomagaś.

Avatar for Username

Pomoc pśepytaś

Glědajśo se wobšudy pomocy. Njenapominajomy was nigda, telefonowy numer zawołaś, SMS pósłaś abo wósobinske informacije pśeraźiś. Pšosym dajśo suspektnu aktiwitu z pomocu nastajenja „Znjewužywanje k wěsći daś“ k wěsći.

Dalšne informacije

Toś ta nitka jo se zacyniła a archiwěrowała. Pšosym stajśo nowe pšašanje, joli trjebaśo pomoc.

Bad Firefox implementation of SSL/TLS (error: ssl_error_no_cypher_overlap, RC4 and 3DES are turned OFF)

  • 1 wótegrono
  • 1 ma toś ten problem
  • 9 naglědow
  • Slědne wótegrono wót cor-el

rasj
rasj
more options

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it.

Why? I think this is the BAD implementation of SSL/TLS or a BUG!

And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox!


Firefox cipher suits:

TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)


Opera cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)


IE cipher suits:

TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

When I turned OFF RC4 and 3DES Firefox can't connect to some SSL-server. But Internet Explorer and Opera with the same (absence of RC4 and 3DES and to the same server) can do it. Why? I think this is the BAD implementation of SSL/TLS or a BUG! And why in Firefox there are no cipher suits with SHA-256? I see in ServerHello a cipher suite(choosen by server): TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) But this cipher suite absent in Firefox! Firefox cipher suits: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0088) TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA (0x0087) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_ECDH_RSA_WITH_AES_256_CBC_SHA (0xc00f) TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA (0xc005) TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013) TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0045) TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA (0x0044) TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x0033) TLS_DHE_DSS_WITH_AES_128_CBC_SHA (0x0032) TLS_ECDH_RSA_WITH_AES_128_CBC_SHA (0xc00e) TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA (0xc004) TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041) TLS_RSA_WITH_AES_128_CBC_SHA (0x002f) Opera cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 (0x006b) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DH_RSA_WITH_AES_256_CBC_SHA256 (0x0069) TLS_DH_DSS_WITH_AES_256_CBC_SHA256 (0x0068) TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x0039) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038) TLS_DH_RSA_WITH_AES_256_CBC_SHA (0x0037) TLS_DH_DSS_WITH_AES_256_CBC_SHA (0x0036) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) IE cipher suits: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d) TLS_RSA_WITH_AES_256_CBC_SHA (0x0035) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014) TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028) TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 (0x006a) TLS_DHE_DSS_WITH_AES_256_CBC_SHA (0x0038)

Wót rasj změnjony

Wšykne wótegrona (1)

cor-el
cor-el
  • Moderator
  • Top 10 Contributor
more options

I think that it is best to keep the discussion in one thread, so I locking the other two that you created.

Please continue here: [/questions/976999]