On 2015/02/28 10:03, nellie.pet...@safe-mail.net wrote:
> I propose removal of the following ciphersuite:
> 
> 0032  TLS_DHE_DSS_WITH_AES_128_CBC_SHA
> 
> because DSS (the non-EC version) is obsolete, and based on preliminary 
> telemetry and Pulse data is not being negotiated at all with any servers out 
> there. My testing indicates that there are no public nor private servers that 
> would support only this ciphersuite - please provide some data if you think 
> otherwise.

TLS_DHE_DSS_WITH_AES_128_CBC_SHA has already been removed from Fx 37 by
Bug 1073867 and 1114295.

https://bugzilla.mozilla.org/show_bug.cgi?id=1073867
https://bugzilla.mozilla.org/show_bug.cgi?id=1114295

> 
> I also propose removing the following ciphersuite:
> 
> 000A  TLS_RSA_WITH_3DES_EDE_CBC_SHA
> 
> because 3DES is a cipher that requires too much computing power compared to 
> AES, much more computer memory, lacks hardware acceleration on servers, is 
> rarely negotiated, has had its bit strength reduced below 128 bits, and its 
> removal is on track with avoiding (and eventually removing) RSA key exchange. 
> Additionally, the servers that support (or even prefer!) 3DES always support 
> some AES ciphersuite too.

Some old servers offer only TLS_RSA_WITH_3DES_EDE_CBC_SHA and
TLS_RSA_WITH_RC4_SHA. If TLS_RSA_WITH_3DES_EDE_CBC_SHA is removed,
TLS_RSA_WITH_RC4_SHA will be used.

-- 
Kosuke Kaizuka <cai.0...@gmail.com>
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
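
The fallback discussed in this message can be checked against a server inventory before a suite is dropped. The following is an added example, not code from the thread or from Mozilla: the client offer list, the server inventory and the server-preference selection rule are constructed assumptions, and the code points are the IANA values (RC4 appears under its IANA name, TLS_RSA_WITH_RC4_128_SHA).

```python
# Added example: which servers change behaviour when one suite leaves the client offer.
# 0x0032 and 0x000A are the code points quoted in the thread; the rest are IANA values.
SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0032: "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
}
WEAK = {0x0005}  # RC4: landing here after a removal counts as a downgrade

# Constructed client offer (assumption: RC4 is still offered as a last resort).
CLIENT_OFFER = [0xC02F, 0x002F, 0x0032, 0x000A, 0x0005]

# Constructed server inventory, each list in the server's own preference order.
SERVERS = {
    "modern": [0xC02F, 0x002F, 0x000A],
    "prefers-3des": [0x000A, 0x002F],
    "legacy-3des-rc4": [0x000A, 0x0005],
    "3des-only": [0x000A],
}

def negotiate(client_offer, server_prefs):
    """Server-preference selection: first server suite the client also offers."""
    for suite in server_prefs:
        if suite in client_offer:
            return suite
    return None  # no overlap: the handshake fails

def removal_impact(client_offer, removed, servers):
    """Map server name -> (suite before, suite after, verdict) for one removal."""
    new_offer = [s for s in client_offer if s != removed]
    report = {}
    for name, prefs in servers.items():
        before = negotiate(client_offer, prefs)
        after = negotiate(new_offer, prefs)
        if after == before:
            verdict = "unchanged"
        elif after is None:
            verdict = "fails"
        elif after in WEAK:
            verdict = "downgrade"
        else:
            verdict = "changed"
        report[name] = (before, after, verdict)
    return report

if __name__ == "__main__":
    for name, (b, a, v) in removal_impact(CLIENT_OFFER, 0x000A, SERVERS).items():
        print(f"{name:16} {SUITES[b]} -> {SUITES.get(a, 'handshake failure')} [{v}]")
```

Servers reported as "downgrade" are the case raised in the reply: they keep connecting, but on RC4 instead of 3DES.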
