Terry Melton wrote: > I was reading the list of cipher suites supported by NSS 3.11 > (http://www.mozilla.org/projects/security/pki/nss/nss-3.11/nss-3.11-algorithms.html) > and I was attempting to match them up with the preferences listed in > "about:config." However a few questions arose that I haven't been able > to puzzle out myself from the documentation I've found and the messages > I've looked through in this news group. Does anyone have an idea about > the following: > > 1) On the page that lists the algorithms available in NSS 3.11 it > states that some ciphers are not implemented. Does anyone know which > algorithms have not yet been added?
I think that comment is obsolete, no longer true. I think NSS now implements the technologies listed on that page. > 2) Is there any way to toggle specific TLS ciphers on and off as it is > possible to do for SSLv3 in the FF preferences? For example is there a > TLS equivalent to a preference like "security.ssl3.rsa_aes_128_sha"? SSL3 and TLS share a common space of cipher suites. The suites named SSL3-RSA-with-RC4-128-MD5 and TLS-RSA-with-RC4-128-MD5 are in fact one and the same suite. The choice of naming used in NSS (i.e., whether the name starts with SSL3 or TLS) reflects whether the cipher suite was added to the common space before or after the TLS RFC was published. When you enable or disable a suite, you do so for both SSL3 and TLS. > 3) Does anyone know if any of the following SSLv3 ciphers are > implemented: > SSL_RSA_EXPORT_WITH_DES40_CBC_SHA > SSL_DHE_DSS_WITH_RC4_128_SHA > SSL_RSA_WITH_IDEA_CBC_SHA NSS's list of implemented cipher suites is shown at http://lxr.mozilla.org/security/source/security/nss/lib/ssl/sslenum.c Be aware that all the _DHE_ cipher suites are presently supported only for clients and not for servers. I hope to fix that soon, but it's not (yet) a high priority. > If my questions are not clear enough, please let me know. > > Regards, > TM Regards, -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
