> - FF [claims it does
> DHE/EDH](https://urldefense.proofpoint.com/v2/url?u=https-3A__wiki.mozilla.org_Security_Server-5FSide-5FTLS-23Intermediate-5Fcompatibility-5F.28default.29&d=DwMGaQ&c=96ZbZZcaMF4w0F4jpN6LZg&r=4LM0GbR0h9Fvx86FtsKI-w&m=XJoX203uiiC98n6L2888TI9zC37FTWeD7taNoV50GDE&s=v0qGxpAFrqvTmiNnI5_Cl-Yd-tKrA-FDw6jO-lERXjY&e=),
> but it does not actually, in practice. It does either EC, or RSA. I've
> tested it. (v52) This does not look like an accident.
>
> Have you find a server that does DHE/EDH, and only that, that FF cannot
> connect to?
I've set mine to test this comprehensively. (Apache and NginX) With Apache
Firefox -ignores- server-prescribed ciphers and chooses an EC. NginX does
properly prevail with the algo. Was this an accident, Apache?
And Firefox simply can not make a connexion when the only choices are the
DHE/EDH algos -- which they say they can do
[here](https://wiki.mozilla.org/Security/Server_Side_TLS#Intermediate_compatibility_.28default.29).
> - "Prefer conventional discrete-log-based systems over elliptic-curve
> systems; the latter have constants that the NSA influences when they can."
>
> I missed that, thanks. And for non-NSA curves that aren’t influenced?
As with Schnier, I don't trust any EC. It's a shame. I am looking forward to
[independent
lattice](https://policyreview.info/articles/news/post-snowden-cryptography-and-network-security/390).
(Not that Mozilla, will implement it) For now I'm set to DHE/EDH
(fruitlessly) and RSA (AES). RSA is cracked by a very few, but this is the
decision I've made.
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
