Re: oddball, old cipher suite in firefox client hello

2013-11-01 Thread Ryan Sleevi
On Fri, November 1, 2013 5:30 pm, Wan-Teh Chang wrote: > On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges > wrote: > > > > I dug through the NSS codebase and found where it was defined in > > lib/ssl/sslproto.h as: > > > > /* New non-experimental openly spec'ed versions of those cipher > > suites.

Re: oddball, old cipher suite in firefox client hello

2013-11-01 Thread Robert Relyea
On 11/01/2013 01:43 AM, Brian Smith wrote: > On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges wrote: >> /* New non-experimental openly spec'ed versions of those cipher suites. */ >> #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff >> #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe >> >> Does

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-11-01 Thread Kurt Roeckx
On Fri, Nov 01, 2013 at 10:22:22AM +0100, Kurt Roeckx wrote: > On Mon, Oct 07, 2013 at 09:06:54PM +0200, Kurt Roeckx wrote: > > On Fri, Aug 30, 2013 at 01:10:08AM +0200, Kurt Roeckx wrote: > > > So what needs to happen so that we can move on with this? > > > > I still have the same question. Noth

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-11-01 Thread Gervase Markham
On 01/11/13 09:41, Dirkjan Ochtman wrote: > His Bugzilla status suggests Brian might have left Mozilla: > > "Brian Smith (:briansmith, was :bsm...@mozilla.com; NEEDINFO me if you > want a response)" No, Brian hasn't left Mozilla - he just decided to use a different primary email address. I too w

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-11-01 Thread Dirkjan Ochtman
On Fri, Nov 1, 2013 at 10:22 AM, Kurt Roeckx wrote: > So it's been 2 months since the last discussion about this. Can > we please move on? His Bugzilla status suggests Brian might have left Mozilla: "Brian Smith (:briansmith, was :bsm...@mozilla.com; NEEDINFO me if you want a response)" So tha

Re: Proposal to Change the Default TLS Ciphersuites Offered by Browsers

2013-11-01 Thread Kurt Roeckx
On Mon, Oct 07, 2013 at 09:06:54PM +0200, Kurt Roeckx wrote: > On Fri, Aug 30, 2013 at 01:10:08AM +0200, Kurt Roeckx wrote: > > So what needs to happen so that we can move on with this? > > I still have the same question. Nothing seems to be happening. So it's been 2 months since the last discus

Re: oddball, old cipher suite in firefox client hello

2013-11-01 Thread Jeff Hodges
Apologies, I said 1.2 here for the server, but, of course, it negotiated as TLS 1.0. On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges wrote: > Hey, > > While poking around with a new web app I'm building, I noticed that > Firefox 25.0 is emitting cipher suite 0xFEFF in its client hello to TLS 1.2 > s

Re: oddball, old cipher suite in firefox client hello

2013-11-01 Thread Brian Smith
On Fri, Nov 1, 2013 at 1:28 AM, Jeff Hodges wrote: > /* New non-experimental openly spec'ed versions of those cipher suites. */ > #define SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA 0xfeff > #define SSL_RSA_FIPS_WITH_DES_CBC_SHA 0xfefe > > Does anyone know what spec this cipher suite came from?

oddball, old cipher suite in firefox client hello

2013-11-01 Thread Jeff Hodges
Hey, While poking around with a new web app I'm building, I noticed that Firefox 25.0 is emitting cipher suite 0xFEFF in its client hello to TLS 1.2 servers[1] and was hoping some of you might be able to tell me more about it. I wasn't able to find a spec referencing it (other than the TLS specs r