From: Jimmy Yuen Ho Wong <wyuenho@gmail.com>
To: Lars Ingebrigtsen <larsi@gnus.org>
Cc: 31946@debbugs.gnu.org, Noam Postavsky <npostavs@gmail.com>
Subject: bug#31946: 27.0.50; The NSM should warn about more TLS problems
Date: Thu, 28 Jun 2018 19:15:48 +0100 [thread overview]
Message-ID: <CAKDRQS71J_bPMnSB77nPx_fYzAfgwqTVgNuCALBB3zVy_xv9JA@mail.gmail.com> (raw)
In-Reply-To: <m3h8lmhmlf.fsf@gnus.org>
The Telemetry data[1] from Mozilla in bug report 1227519[2] suggests
DHE usage is very low for HTTP. No data for any other protocol.
I just used Wireshark on Chrome and Firefox on macOS, they all seem to
advertise DH and DHE cipher suites in Client Hello for TLS 1.2, they
even advertise CBC mode ciphers too. While I'm not sure about Firefox,
surely Chrome has removed DHE_SHA KX and CBC modes according to
ChromeStatus[3]?
[1]: https://tlscanary.mozilla.org/runs/2018-01-25-01-21-44/
[2]: https://bugzilla.mozilla.org/show_bug.cgi?id=1227519
[3]: https://www.chromestatus.com/features#tls
On Thu, Jun 28, 2018 at 6:01 PM, Lars Ingebrigtsen <larsi@gnus.org> wrote:
> Jimmy Yuen Ho Wong <wyuenho@gmail.com> writes:
>
>>> I can't see that that web page mentions Diffie-Hellman at all?
>>>
>>
>> Click on the individual browsers.
>
> I see.
>
>> SSLLabs only reports that Firefox 59 / Win 7 has dropped support for
>> DHE_RSA in the UA capabilities page[1], but client test[2] still shows
>> it is supported, so does Chrome and Safari. I don't understand what's
>> going on there. Could that list in in client test be static? Or that
>> browsers still advertise their support for DHE_RSA when in fact they
>> don't? Might have to get on a server and log out the TLS handshake to
>> see what's actually going on...
>>
>> [1]: https://www.ssllabs.com/ssltest/clients.html
>> [2]: https://www.ssllabs.com/ssltest/viewMyClient.html
>
> My
>
> Chromium 66.0.3359.117 (Developer Build) built on Debian 9.4,
> running on Debian 9.4 (64-bit)
>
> on the viewMyClient reports not supporting DHE-RSA.
>
> Confusing. :-)
>
> I tried finding a web site that says how many sites do not support ECDHE
> as key exchange, and only found something from 2014 that says that was
> 60%...
>
> --
> (domestic pets only, the antidote for overdose, milk.)
> bloggy blog: http://lars.ingebrigtsen.no
next prev parent reply other threads:[~2018-06-28 18:15 UTC|newest]
Thread overview: 59+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-06-23 10:38 bug#31946: 27.0.50; The NSM should warn about more TLS problems Lars Ingebrigtsen
2018-06-24 13:43 ` Lars Ingebrigtsen
2018-06-26 1:23 ` Noam Postavsky
2018-06-26 4:11 ` Jimmy Yuen Ho Wong
2018-06-26 6:26 ` Jimmy Yuen Ho Wong
2018-06-26 12:44 ` Noam Postavsky
2018-06-26 14:38 ` Eli Zaretskii
2018-07-03 15:08 ` Lars Ingebrigtsen
2018-07-04 1:34 ` Noam Postavsky
2018-07-08 14:20 ` Lars Ingebrigtsen
2018-07-08 14:21 ` Lars Ingebrigtsen
2018-07-08 14:22 ` Lars Ingebrigtsen
2018-07-08 18:34 ` Lars Ingebrigtsen
2018-07-08 18:50 ` Noam Postavsky
2018-07-08 20:01 ` Lars Ingebrigtsen
2018-07-10 2:04 ` Noam Postavsky
2018-07-22 11:05 ` Lars Ingebrigtsen
2018-07-29 14:45 ` Noam Postavsky
2018-07-08 18:36 ` Lars Ingebrigtsen
2018-07-08 19:20 ` Lars Ingebrigtsen
2018-07-08 14:23 ` Lars Ingebrigtsen
2018-06-26 9:27 ` Lars Ingebrigtsen
2018-06-26 14:42 ` Eli Zaretskii
2018-06-27 0:45 ` Noam Postavsky
2018-06-27 5:09 ` Jimmy Yuen Ho Wong
2018-06-27 12:07 ` Lars Ingebrigtsen
2018-06-27 12:20 ` Lars Ingebrigtsen
2018-06-27 15:16 ` Eli Zaretskii
2018-06-27 16:40 ` Jimmy Yuen Ho Wong
2018-06-28 16:10 ` Lars Ingebrigtsen
2018-06-28 0:14 ` Noam Postavsky
2018-06-28 15:58 ` Jimmy Yuen Ho Wong
2018-06-28 16:15 ` Lars Ingebrigtsen
2018-06-28 16:42 ` Jimmy Yuen Ho Wong
2018-06-28 17:01 ` Lars Ingebrigtsen
2018-06-28 18:15 ` Jimmy Yuen Ho Wong [this message]
2018-06-29 5:21 ` Jimmy Yuen Ho Wong
2018-06-29 5:25 ` Jimmy Yuen Ho Wong
2018-06-30 17:28 ` Jimmy Yuen Ho Wong
2018-06-30 20:30 ` Noam Postavsky
2018-06-30 23:15 ` Jimmy Yuen Ho Wong
2018-06-30 23:35 ` Noam Postavsky
2018-07-01 15:01 ` Eli Zaretskii
2019-08-26 4:34 ` Lars Ingebrigtsen
2019-08-26 13:13 ` Andy Moreton
2019-08-26 16:07 ` Eli Zaretskii
2019-08-26 17:45 ` Andy Moreton
2019-08-26 18:12 ` Eli Zaretskii
2019-08-26 18:19 ` Andy Moreton
2019-08-26 19:36 ` Eli Zaretskii
2019-08-26 22:56 ` Andy Moreton
2019-08-27 7:23 ` Eli Zaretskii
2019-08-27 15:25 ` Andy Moreton
2019-08-27 15:50 ` Eli Zaretskii
2019-08-27 8:01 ` bug#31946: 27.0.50; GnuTLS still crashes on MinGW Markus Weber
2019-08-27 15:00 ` Eli Zaretskii
2019-08-27 15:50 ` Eli Zaretskii
2019-08-29 8:05 ` mw
2019-08-29 12:20 ` Eli Zaretskii
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAKDRQS71J_bPMnSB77nPx_fYzAfgwqTVgNuCALBB3zVy_xv9JA@mail.gmail.com \
--to=wyuenho@gmail.com \
--cc=31946@debbugs.gnu.org \
--cc=larsi@gnus.org \
--cc=npostavs@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.