I've just run into a weird interoperability problem with an (alleged) cloudflare/nginx TLS server and my personal Firefox settings.
https://regmedia.co.uk/2015/07/14/giant_weta_mike_locke_flicker_cc_20.jpg Traditionally I have all TLS ciphersuites with ECDSA disabled through about:config, but it seems that recently two new TLS ciphersuites were added to FF, which caused complete loss of interop with regmedia.co.uk for me with my existing configuration. (Loss of pictures&media on the www.theregister.co.uk news site). specifically, after the FF update, this new TLS ciphersuite: security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256 (0xcc, 0xa9) was the only ECDSA cipher suite enabled in my Firefox 47.0.1, and this kills connectivity (TLS handshake_failure alert) with regmedia.co.uk. It looks like a bug in the cloudflare/nginx cipher suites selection algorithm, which appears to blindly go for ECDSA, even though there is no actual ECDSA cipher suite available which the server supports. -Martin _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
