0

I tested the latest Firefox beta using https://cc.dcsec.uni-hannover.de/ and all ciphers supported by Firefox 25 use MAC SHA1; none of them allow SHA-2. Can this be changed? Do Mozilla have plans to use SHA-2 in the future?

Besides, when I try to access a site which supports only SHA-2 MACs, I get an error.

I tested on Ubuntu 13.10 using ppa:mozillateam/firefox-next to have Firefox using NSS 3.15.1 and the result was the same: no SHA256 ciphers were available. Chrome (with >= NSS 3.15.1) and Opera work fine.

I filed a bug to see if I could get some reply from Firefox developers; at the support forums things are too quiet.

TRiG
  • 1,360

2 Answers

0

Cipher suites with HMACs using SHA-2 were introduced in TLS 1.2. Currently, Firefox supports only TLS 1.1. For more info on TLS 1.2 support, there is an open bug at Mozilla's Bugzilla.

As you noticed, the bug has been fixed in Firefox 25.0 beta. If you change security.tls.version.max to 3 in the about:config page (it's in the link you provided), you can then visit https://www.ssllabs.com/ssltest/viewMyClient.html to test your client. At the bottom you will see that SHA-2 is supported.

TRiG
  • 1,360
Fotis
  • 91
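
The client-test pages linked in this thread report what the browser offers in its ClientHello. The following added example (not part of the original answer) performs the same check offline: it parses a ClientHello record and lists the offered suites whose MAC is HMAC-SHA-2. The function names, the small suite table and the constructed ClientHello bytes are assumptions made for illustration.

```python
import struct

# Small subset of IANA cipher-suite IDs -> (name, MAC). "AEAD" suites carry no
# separate HMAC; the SHA256 in their name is the handshake PRF hash.
SUITES = {
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "SHA1"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "SHA1"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "SHA1"),
    0x003C: ("TLS_RSA_WITH_AES_128_CBC_SHA256", "SHA256"),
    0xC027: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", "SHA256"),
    0xC028: ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384", "SHA384"),
    0xC02F: ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "AEAD"),
}
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def build_client_hello(version, suite_ids):
    """Construct a minimal ClientHello record (sample input, no extensions)."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = (struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session id
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")  # suites, null compression
    hs = b"\x01" + len(body).to_bytes(3, "big") + body  # handshake type 1 = ClientHello
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs  # record type 22 = handshake

def parse_client_hello(record):
    """Return (client_version, [offered suite ids]) from one TLS record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    (rec_len,) = struct.unpack("!H", record[3:5])
    hs = record[5:5 + rec_len]
    if len(hs) != rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32              # skip client_version and random
    pos += 1 + body[pos]      # skip session id
    (n,) = struct.unpack("!H", body[pos:pos + 2])
    raw = body[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("malformed cipher suite list")
    (version,) = struct.unpack("!H", body[:2])
    return version, [struct.unpack("!H", raw[i:i + 2])[0] for i in range(0, n, 2)]

def sha2_mac_report(record):
    """Summarise which offered suites use an HMAC-SHA-2 MAC."""
    version, ids = parse_client_hello(record)
    sha2 = [SUITES[i][0] for i in ids if i in SUITES and SUITES[i][1] in ("SHA256", "SHA384")]
    return {"max_version": VERSIONS.get(version, hex(version)), "sha2_mac_suites": sha2}
```

Note that a GCM suite such as TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is deliberately not counted: it is an AEAD suite and has no HMAC at all.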
0

As noted here, the Firefox community is not pushing in this direction; it seems to me that HMAC with SHA-2 will not be an option.