[TLS] Client Hello size intolerance Was: Re: Thoughts on Version Intolerance

2016-07-25 Thread Hubert Kario
On Friday, 22 July 2016 12:08:00 CEST Hubert Kario wrote: > (I'll try to have more concrete numbers on Monday) So I extended the scanning script to perform two tests - send a "Very Compatible"[1] Client Hello and ones that were extended to be 64KiB long either through addition of padding extensio

[TLS] weird ECDSA interop problem with cloudflare/nginx

2016-07-25 Thread Martin Rex
I've just run into a weird interoperability problem with an (alleged) cloudflare/nginx TLS server and my personal Firefox settings. https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg Traditionally I have all TLS ciphersuites with ECDSA disabled through about:config, but it

Re: [TLS] weird ECDSA interop problem with cloudflare/nginx

2016-07-25 Thread Ilari Liusvaara
On Mon, Jul 25, 2016 at 09:08:49PM +0200, Martin Rex wrote: > I've just run into a weird interoperability problem with an (alleged) > cloudflare/nginx TLS server and my personal Firefox settings. > > https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg > > > Traditionally I

Re: [TLS] weird ECDSA interop problem with cloudflare/nginx

2016-07-25 Thread Viktor Dukhovni
> On Jul 25, 2016, at 3:08 PM, Martin Rex wrote: > > https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg FWIW, OpenSSL interoperates with this server: Peer signing digest: SHA512 Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 4169 bytes and written 310

Re: [TLS] weird ECDSA interop problem with cloudflare/nginx

2016-07-25 Thread Viktor Dukhovni
> On Jul 25, 2016, at 3:08 PM, Martin Rex wrote: > > specifically, after the FF update, this new TLS ciphersuite: > > security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (0xcc, 0xa9) > > was the only ECDSA cipher suite enabled in my Firefox 47.0.1, and this > kills connectivity (TLS handshake_fail

Re: [TLS] weird ECDSA interop problem with cloudflare/nginx

2016-07-25 Thread Ilari Liusvaara
On Mon, Jul 25, 2016 at 04:36:27PM -0400, Viktor Dukhovni wrote: > > > On Jul 25, 2016, at 3:08 PM, Martin Rex wrote: > > > > specifically, after the FF update, this new TLS ciphersuite: > > > > security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (0xcc, 0xa9) > > > > was the only ECDSA cipher suit

Re: [TLS] weird ECDSA interop problem with cloudflare/nginx

2016-07-25 Thread Benjamin Kaduk
If I remember/understand correctly, the cloudflare patch for chacha/poly would (when server preference is in use) only attempt to use it when it appeared first in the client's preference list, and would ignore it elsewhere. This could potentially lead to negotiation failures if, e.g., the server o

[TLS] Keeping TLS extension points working

2016-07-25 Thread David Benjamin
Hi folks, I'm not sure how this process usually works, but I would like to reserve a bunch of values in the TLS registries as part of an idea to keep our extension points working. Here's an I-D: https://tools.ietf.org/html/draft-davidben-tls-grease-00 (The name GREASE is in honor of AGL's rust

Re: [TLS] Keeping TLS extension points working

2016-07-25 Thread David Benjamin
On Mon, Jul 25, 2016 at 6:32 PM David Benjamin wrote: > Hi folks, > > I'm not sure how this process usually works, but I would like to reserve a > bunch of values in the TLS registries as part of an idea to keep our > extension points working. Here's an I-D: > https://tools.ietf.org/html/draft

Re: [TLS] Keeping TLS extension points working

2016-07-25 Thread Viktor Dukhovni
On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote: > I'm not sure how this process usually works, but I would like to reserve a > bunch of values in the TLS registries as part of an idea to keep our > extension points working. Here's an I-D: > > https://tools.ietf.org/html/draft-da

Re: [TLS] Keeping TLS extension points working

2016-07-25 Thread David Benjamin
On Mon, Jul 25, 2016 at 7:23 PM Viktor Dukhovni wrote: > On Mon, Jul 25, 2016 at 10:32:29PM +, David Benjamin wrote: > > > I'm not sure how this process usually works, but I would like to reserve > a > > bunch of values in the TLS registries as part of an idea to keep our > > extension poi