• Registered: 2013-12-19
  • Posts: 3

Topic: Firefox ECDHE/ECDSA Support

Latest Firefox ESR 24 versions in Centos 6.5 support numerous ECDSA/ECDHE encryption:
(From Qualsys SSL browser check):
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy     256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy     256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy     128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy     128
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)   Forward Secrecy     168
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)   Forward Secrecy     168


However, with remi's later Firefox version, none of these are supported.  Are there plans to add these in?

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,834

Re: Firefox ECDHE/ECDSA Support

At firefox 26 buildtime, I used RHEL-6.4 library because at that time, clones were not ready (CentOS, Scientific Linux, ...)

For next build, I will switch to RHEL6.5.

And I will check those.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website

  • Registered: 2013-12-19
  • Posts: 3

Re: Firefox ECDHE/ECDSA Support

That would probably do it.  RH rebased a bunch of security related packages like OpenSSL and the more specifically related NSS to newer versions which I think support EC now.

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,834

Re: Firefox ECDHE/ECDSA Support

Please test the new build (26.0-2), it seems ok.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website

  • Registered: 2013-12-19
  • Posts: 3

Re: Firefox ECDHE/ECDSA Support

Awesome, that did the trick, with Firefox 26.0-2:
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a)   Forward Secrecy     256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)   Forward Secrecy     256
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009)   Forward Secrecy     128
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)   Forward Secrecy     128
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008)   Forward Secrecy     168
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)   Forward Secrecy     168

  • Remi
  • Remi
  • Administrateur
  • Offline
  • From: Champagne...
  • Registered: 2009-04-28
  • Posts: 3,834

Re: Firefox ECDHE/ECDSA Support

smile

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Remi's Website