Sorry I've been away. TLS 1.0 (and SSL 3.0) was definitely checked. I did not explicitly disable any cipher suites.
The windows version of FF3 mysteriously seems to be working. May have needed a reboot/restart of Windows and/or Firefox. "Wan-Teh Chang" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > On Fri, Jul 25, 2008 at 6:59 AM, mozilla <[EMAIL PROTECTED]> wrote: >> I expected FF3.0.1 to do TLS with the specific ECC ciphersuite that you >> identify. However, my FF3 is not offering the ECC suites in its client >> hello. I downloaded FF3.0.1 from the mozilla.com site yesterday >> (7/24/08). I >> just did the quick download without any custom configuration. (There >> should >> not have been any previous versions of NSS on the system.) >> >> The SSLtap of the Windows version of FF shows only 11 suites being >> offered: >> cipher_suites[11] = { >> (0x0004) SSL3/RSA/RC4-128/MD5 >> (0x0005) SSL3/RSA/RC4-128/SHA >> (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA >> (0x0009) SSL3/RSA/DES56-CBC/SHA >> (0x0064) TLS/RSA-EXPORT1024/RC4-56/SHA >> (0x0062) TLS/RSA-EXPORT1024/DES56-CBC/SHA >> (0x0003) SSL3/RSA/RC4-40/MD5 >> (0x0006) SSL3/RSA/RC2CBC40/MD5 >> (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA >> (0x0012) SSL3/DHE-DSS/DES56-CBC/SHA >> (0x0063) TLS/DHE-DSS_EXPORT1024/DES56-CBC/SHA >> } > > Did you disable TLS 1.0? Please check > Tools > Options > Encryption > Protocols. Is the "Use TLS 1.0" > checkbox checked? > > You also seem to have disabled the AES and Camellia cipher suites, > which Firefox 3.0.1 supports. > > This is what I get from Firefox 3.0.1 on Windows: > cipher_suites[34] = { > (0xc00a) TLS/ECDHE-ECDSA/AES256-CBC/SHA > (0xc014) TLS/ECDHE-RSA/AES256-CBC/SHA > (0x0088) TLS/DHE-RSA/CAMELLIA256-CBC/SHA > (0x0087) TLS/DHE-DSS/CAMELLIA256-CBC/SHA > (0x0039) TLS/DHE-RSA/AES256-CBC/SHA > (0x0038) TLS/DHE-DSS/AES256-CBC/SHA > (0xc00f) TLS/ECDH-RSA/AES256-CBC/SHA > (0xc005) TLS/ECDH-ECDSA/AES256-CBC/SHA > (0x0084) TLS/RSA/CAMELLIA256-CBC/SHA > (0x0035) TLS/RSA/AES256-CBC/SHA > (0xc007) TLS/ECDHE-ECDSA/RC4-128/SHA > (0xc009) TLS/ECDHE-ECDSA/AES128-CBC/SHA > (0xc011) TLS/ECDHE-RSA/RC4-128/SHA > (0xc013) TLS/ECDHE-RSA/AES128-CBC/SHA > (0x0045) TLS/DHE-RSA/CAMELLIA128-CBC/SHA > (0x0044) TLS/DHE-DSS/CAMELLIA128-CBC/SHA > (0x0033) TLS/DHE-RSA/AES128-CBC/SHA > (0x0032) TLS/DHE-DSS/AES128-CBC/SHA > (0xc00c) TLS/ECDH-RSA/RC4-128/SHA > (0xc00e) TLS/ECDH-RSA/AES128-CBC/SHA > (0xc002) TLS/ECDH-ECDSA/RC4-128/SHA > (0xc004) TLS/ECDH-ECDSA/AES128-CBC/SHA > (0x0041) TLS/RSA/CAMELLIA128-CBC/SHA > (0x0004) SSL3/RSA/RC4-128/MD5 > (0x0005) SSL3/RSA/RC4-128/SHA > (0x002f) TLS/RSA/AES128-CBC/SHA > (0xc008) TLS/ECDHE-ECDSA/3DES-EDE-CBC/SHA > (0xc012) TLS/ECDHE-RSA/3DES-EDE-CBC/SHA > (0x0016) SSL3/DHE-RSA/3DES192EDE-CBC/SHA > (0x0013) SSL3/DHE-DSS/DES192EDE3CBC/SHA > (0xc00d) TLS/ECDH-RSA/3DES-EDE-CBC/SHA > (0xc003) TLS/ECDH-ECDSA/3DES-EDE-CBC/SHA > (0xfeff) SSL3/RSA-FIPS/3DESEDE-CBC/SHA > (0x000a) SSL3/RSA/3DES192EDE-CBC/SHA > } > > Wan-Teh _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
