On Thu, Jul 10, 2014 at 5:00 AM, Hubert Kario <hka...@redhat.com> wrote:
> ----- Original Message -----
>> From: "Brian Smith" <br...@briansmith.org>

<snip>

>> However, it is likely that crypto libraries that make the two changes above
>> will also have support for TLS_ECDHE_*_WITH_AES_*_GCM cipher suites too.
>> So, I hope that they also enable TLS_ECDHE_*_WITH_AES_*_GCM at the same
>> time they deploy these changes.

<snip>

> What basis do you have to assume that server administrators will actually
> upgrade their Apache/nginx/lighttpd/OpenSSL/etc. installations?

In this thread you pointed out that a number of websites had updated their servers to add TLS_RSA_WITH_AES*_GCM* and disable TLS_RSA_WITH_*_CBC_*, so that Firefox now only negotiates RC4 with them when it could be negotiating AES-GCM. The fact that they updated their servers to add non-ECDHE AES-GCM support is good evidence that these server administrators are paying attention and are likely to update if/when their server software vendor gives it to them if it solves a need (like improving what Firefox negotiates), right?

Regarding your request about how to write the addon: I don't have time to work on that addon, but I know it is possible to write it.

Cheers,
Brian

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto