Re: Ciphersuites (was Re: Mandatory to implement cipher suites)

On Jul 19, 2014 3:33 PM, "Brian Smith" <> wrote:
> > I'm afraid we can't really do that without a risk of interoperability
> > failure.  TLS mandates something that we prohibit the use of.
> Martin, I'm not sure what you are referring to with the pronouns in
> those two sentences. What can't we really do without the risk of
> interoperability failure? What is TLS mandating that we prohibit the
> use of?

TLS1.2, our minimum version, mandates RSA+AES-CBC. That is the only cipher
suite that is guaranteed to be present in a 1.2 implementation. But it does
not permit PFS, and it's not AEAD, so we have declared it to be verboten.
That leaves a real possibility that two implementations of HTTP/2 fail to
have a valid suite in common.

Your other points are noted. I'm not sure what I can do about them without
a time machine.

Regarding the DHE suite, I only have my phone, but I did check that the DHE
suite is listed and enabled by default in NSS code. Did I miss something?

Received on Sunday, 20 July 2014 02:29:13 UTC