Support for stronger ciphers in the browser

asked 2015-06-25 18:22:31 +0200

slaveriq gravatar image

updated 2016-08-17 11:31:33 +0200

jiit gravatar image

Please add ciphers stronger than ECDHE-ECDSA-AES256-SHA1 Right now one has to either use AES128 and SHA256 or AES256 and SHA1 if one wants to use the elliptic curve DH key exchange.

Performance is not an issue with stronger ciphers. Web Pirate already supports them.

You can test the cipher support by visiting https://cc.dcsec.uni-hannover.de/ with the jolla browser.

My suggestion would be to add the following until openssl supports chacha or libressl takes over the world:

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384
edit retag flag offensive close delete

Comments

The top most cypher suites are the same as with my desktop FF.... 

Spec    Cipher Suite Name
(c0,2b)    ECDHE-ECDSA-AES128-GCM-SHA256 
(c0,2f)    ECDHE-RSA-AES128-GCM-SHA256
(c0,0a)    ECDHE-ECDSA-AES256-SHA
(c0,09)    ECDHE-ECDSA-AES128-SHA

So what are you asking for? ECDHE-RSA-AES256-GCM-SHA384? (that is the highest I could get with std clients I have available atm)

chemist ( 2015-06-25 18:39:06 +0200 )edit
1

any of these would suit my needs:

ECDHE-ECDSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=ECDSA Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(256) Mac=AEAD
ECDHE-RSA-AES256-SHA384 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AES(256)  Mac=SHA384

at least until openssl get's chacha support.

slaveriq ( 2015-06-25 19:06:47 +0200 )edit