Date: Thu, 12 Mar 2015 00:59:13 +0000
From: "Del Monego, Dirk" <ddm@dacs-labs.com>
To: gecko@FreeBSD.org
Subject: Firefox Cipher
Message-ID: <4e25ed5dae7a5193a253345dfb1308feb0e749c3@dacs-labs.com>
[-- Attachment #1 --]
Hi all,
First of all, many thanks for maintaining the Firefox port! I recognized that a very important cipher
is not included in Firefox:
DHE-RSA-AES256-GCM-SHA256
Only the ECDHE version is supported. In fact, ECDHE is compromised because it's based on
NIST curves which use prime fields instead of a "real" prime generator.
I have patched my Firefox for months and it works absolutely fine.
Only the files:
nsNSSComponent.cpp and
security-prefs.js
need small patches. I attach the diffs.
I think it would be nice if Firefox supported the cipher "out of the box".
Best regards, Dirk
[-- Attachment #2 --]
--- work/mozilla-release/security/manager/ssl/src/nsNSSComponent.cpp 2015-01-09 05:38:28.000000000 +0100
+++ work_new/mozilla-release/security/manager/ssl/src/nsNSSComponent.cpp 2015-01-22 23:10:09.439120294 +0100
@@ -646,6 +646,9 @@
{ "security.ssl3.ecdhe_rsa_des_ede3_sha",
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, false }, // deprecated (3DES)
+{ "security.ssl3.dhe_rsa_aes_128_gcm_sha256",
+ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, true },
+
{ "security.ssl3.dhe_rsa_aes_128_sha",
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true },
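Review bot: The added entry maps to TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, but the message asks for DHE-RSA-AES256-GCM-SHA256, so this hunk does not add the AES-256 suite the request names. Either correct the description to say AES-128-GCM or add the entry for the suite that was actually intended. The entry is also created with `true` (enabled by default) and carries no trailing comment, unlike the 3DES entry just above it; a short comment on why it is on by default would help, and the pref string here has to stay identical to the one added in security-prefs.js.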
[-- Attachment #3 --]
--- work/mozilla-release/netwerk/base/public/security-prefs.js 2015-01-09 05:38:26.000000000 +0100
+++ work_new/mozilla-release/netwerk/base/public/security-prefs.js 2015-01-22 23:10:01.149121260 +0100
@@ -25,6 +25,7 @@
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
pref("security.ssl3.ecdhe_rsa_des_ede3_sha", false);
+pref("security.ssl3.dhe_rsa_aes_128_gcm_sha256", true);
pref("security.ssl3.dhe_rsa_aes_128_sha", true);
pref("security.ssl3.dhe_rsa_camellia_128_sha", false);
pref("security.ssl3.dhe_rsa_aes_256_sha", true);
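Review bot: The new pref on the `+` line defaults to `true`, which changes the cipher list offered by every build of the port rather than only for users who opt in; neighbouring prefs such as security.ssl3.dhe_rsa_camellia_128_sha ship as `false`. Consider defaulting to `false` so it can be switched on in about:config, or give the justification for default-on in the commit message. The name does match the string in the nsNSSComponent.cpp hunk, and the two need to be kept in sync if either is renamed.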
