- FF claims it does DHE/EDH, but it does not actually, in practice. It does either EC, or RSA. I've tested it. (v52) This does not look like an accident.
Have you find a server that does DHE/EDH, and only that, that FF cannot connect to?
I've set mine to test this comprehensively. (Apache and NginX) With Apache Firefox -ignores- server-prescribed ciphers and chooses an EC. NginX does properly prevail with the algo. Was this an accident, Apache?
And Firefox simply can not make a connexion when the only choices are the DHE/EDH algos -- which they say they can do here.
- "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."
I missed that, thanks. And for non-NSA curves that aren’t influenced?
As with Schnier, I don't trust any EC. It's a shame. I am looking forward to independent lattice. (Not that Mozilla, will implement it) For now I'm set to DHE/EDH (fruitlessly) and RSA (AES). RSA is cracked by a very few, but this is the decision I've made.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
