When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be available?

MJBUSCH
When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be available?

I am looking to support websites that are built with this crypto. Only IE is supported.

Thanks
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be available?

Eric Rescorla
Eventually, but it's not a very high priority. Is there some reason you
can't use AES-128?

-Ekr

On Mon, Sep 22, 2014 at 4:49 PM, MJBUSCH <[hidden email]> wrote:

> When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be
> available?
>
> I am looking to support websites that are built with this crypto. Only IE
> is supported.
>
> Thanks

Re: When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be available?

Robert Relyea
On 09/28/2014 03:09 PM, Eric Rescorla wrote:
> Eventually, but it's not a very high priority. Is there some reason you
> can't use AES-128?
Actually the issue is the SHA384. We need to implement the new PKCS #11
spec to TLS key derive in softoken first.

bob

>
> -Ekr
>
> On Mon, Sep 22, 2014 at 4:49 PM, MJBUSCH <[hidden email]> wrote:
>
>> When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be
>> available?
>>
>> I am looking to support websites that are built with this crypto. Only IE
>> is supported.
>>
>> Thanks

Re: When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be available?

Richard Barnes

On Sep 29, 2014, at 11:36 AM, Robert Relyea <[hidden email]> wrote:

> On 09/28/2014 03:09 PM, Eric Rescorla wrote:
>> Eventually, but it's not a very high priority. Is there some reason you
>> can't use AES-128?
> Actually the issue is the SHA384. We need to implement the new PKCS #11 spec to TLS key derive in softoken first.

Is that really true?  It seems to me that we could just provide different input to TLS_P_hash() to get what we want.

http://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#10255

--Richard

Re: When will TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 cipher suite be available?

Ryan Sleevi
On Mon, September 29, 2014 8:40 am, Richard Barnes wrote:

>
>  On Sep 29, 2014, at 11:36 AM, Robert Relyea <[hidden email]> wrote:
>
> > On 09/28/2014 03:09 PM, Eric Rescorla wrote:
> >> Eventually, but it's not a very high priority. Is there some reason you
> >> can't use AES-128?
> > Actually the issue is the SHA384. We need to implement the new PKCS #11
> > spec to TLS key derive in softoken first.
>
>  Is that really true?

Yes

> It seems to me that we could just provide different
>  input to TLS_P_hash() to get what we want.
>
>  http://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#10255
>
>  --Richard

That is for the bypass code. Which "normal" NSS doesn't use (it's
included, nominally, only for Oracle). That is, Chrome and Firefox ALWAYS
define NO_PKCS11_BYPASS

So bypassCiphers (line 10218) will ALWAYS be false, we'll always take the
block of lines at
http://dxr.mozilla.org/mozilla-central/source/security/nss/lib/ssl/ssl3con.c#10219

Which you can see, we're using a custom PKCS#11 mechanism -
CKM_NSS_TLS_PRF_GENERAL_SHA256 - to handle the PRF for TLS >= TLS 1.2.

This was a short-term hack, and Bob's referring to the long-term solution
that the PKCS#11 Oasis TC agreed to as needing to be implemented in NSS.

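The point Richard and Ryan are circling, that a GCM_SHA384 suite is not just "AES-256 with a bigger HMAC" but changes the hash underneath the TLS 1.2 PRF itself (RFC 5246 section 5, RFC 5289 section 4), is easier to see in code. The following is an added example written for this page, not NSS code: a plain-Python rendering of the RFC key derivation with a selectable hash, so that the SHA-256 and SHA-384 PRFs can be compared on the same inputs. NSS does not call HMAC directly like this; as Ryan notes, it goes through PKCS#11 mechanisms in softoken, which is why the PRF hash is an implementation problem there rather than a one-line change. The pre-master secret and Random values are constructed sample data, not from any real handshake.

```python
"""TLS 1.2 PRF (RFC 5246 section 5) with a selectable hash, showing why the
*_SHA384 suites need a SHA-384 PRF and not only a SHA-384 HMAC."""
import hashlib
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_hash(secret, seed) = HMAC_hash(secret, A(1) + seed) ||
    HMAC_hash(secret, A(2) + seed) || ..., with A(0) = seed and
    A(i) = HMAC_hash(secret, A(i-1)), truncated to `length` bytes."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def tls12_prf(hash_name, secret, label, seed, length):
    """PRF(secret, label, seed) = P_<hash>(secret, label + seed)."""
    return p_hash(hash_name, secret, label + seed, length)


def prf_hash_for_suite(suite_name):
    """RFC 5246 makes SHA-256 the PRF hash for every suite unless the suite
    definition says otherwise; RFC 5289 says the *_SHA384 suites use SHA-384
    for both the PRF and the Finished transcript hash."""
    return "sha384" if suite_name.endswith("_SHA384") else "sha256"


def derive_aead_keys(suite_name, pre_master_secret, client_random,
                     server_random, key_len, iv_len=4):
    """Master secret and key block for an AES-GCM suite. GCM suites have no
    MAC keys; the 4-byte IVs are the implicit part of the nonce (RFC 5288)."""
    h = prf_hash_for_suite(suite_name)
    master_secret = tls12_prf(h, pre_master_secret, b"master secret",
                              client_random + server_random, 48)
    # Key expansion swaps the random order (RFC 5246 section 6.3).
    key_block = tls12_prf(h, master_secret, b"key expansion",
                          server_random + client_random,
                          2 * key_len + 2 * iv_len)
    layout = (("client_write_key", key_len), ("server_write_key", key_len),
              ("client_write_IV", iv_len), ("server_write_IV", iv_len))
    parts, off = {}, 0
    for name, size in layout:
        parts[name] = key_block[off:off + size]
        off += size
    parts["master_secret"] = master_secret
    parts["prf_hash"] = h
    return parts


def finished_verify_data(suite_name, master_secret, label, handshake_messages):
    """verify_data = PRF(master_secret, label, Hash(handshake_messages))[0:12];
    Hash is the suite's PRF hash (RFC 5246 section 7.4.9), so a peer with only
    a SHA-256 PRF gets both the transcript hash and the PRF wrong here."""
    h = prf_hash_for_suite(suite_name)
    transcript_hash = hashlib.new(h, handshake_messages).digest()
    return tls12_prf(h, master_secret, label, transcript_hash, 12)


# Constructed sample inputs (not from a real handshake): a 32-byte ECDHE
# shared secret and the two 32-byte Random values.
PRE_MASTER_SECRET = bytes(range(32))
CLIENT_RANDOM = bytes([0xC1] * 32)
SERVER_RANDOM = bytes([0x5E] * 32)

if __name__ == "__main__":
    suite = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"
    keys = derive_aead_keys(suite, PRE_MASTER_SECRET, CLIENT_RANDOM,
                            SERVER_RANDOM, key_len=32)
    print(suite, "uses PRF hash", keys["prf_hash"])
    print("master_secret   ", keys["master_secret"].hex())
    print("client_write_key", keys["client_write_key"].hex())
    print("client_write_IV ", keys["client_write_IV"].hex())

    # What an implementation with only a SHA-256 PRF would compute from the
    # same pre-master secret and randoms: a different master secret, so its
    # Finished message would not verify against a correct peer.
    wrong = tls12_prf("sha256", PRE_MASTER_SECRET, b"master secret",
                      CLIENT_RANDOM + SERVER_RANDOM, 48)
    print("same inputs through SHA-256 PRF match:", wrong == keys["master_secret"])

    vd = finished_verify_data(suite, keys["master_secret"], b"client finished",
                              b"constructed handshake transcript")
    print("client Finished verify_data", vd.hex())
```

For comparison, running the same derivation with a suite name ending in `_SHA256`, such as TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 with `key_len=16`, selects the SHA-256 PRF and gives a 40-byte key block, which is why that suite could ship on the existing PRF mechanism while the SHA384 suites could not.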