info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Intent to remove DHE ciphers in Fx 64 (Was: Intent to remove DHE ciphers from WebRTC DTLS handshake)
16 views
Skip to first unread message
Nils Ohlmeier
Oct 6, 2018, 2:32:49 PM10/6/18
to dev-platform, dev-...@lists.mozilla.org
As the Telemetry data [1] shows no significant usage of the DHE ciphers in Beta 63 and Nightly 64 we are planing to remove the DHE ciphers in Firefox 65.
Please voice your concerns now, if you have any.
Best
Nils Ohlmeier
[1] https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2018-10-01&include_spill=0&keys=__none__!__none__!__none__&max_channel_version=beta%252F63&measure=WEBRTC_DTLS_CIPHER&min_channel_version=nightly%252F60&processType=*&product=Firefox&sanitize=0&sort_keys=submissions&start_date=2018-09-04&table=1&trim=0&use_submission_date=0
> On Aug 29, 2018, at 3:56 PM, Nils Ohlmeier <nohl...@mozilla.com> wrote:
>
> Summary:
>
> We are looking at removing the DHE cipher suites from the DTLS handshake in Firefox soon.
>
> Ciphers:
> - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> are the two suites which we want to remove, because they are considered too weak.
>
> A Telemetry probe landed in Firefox 63 Nightly to monitor the usage of the different cipher suites:
> https://telemetry.mozilla.org/new-pipeline/dist.html#measure=WEBRTC_DTLS_CIPHER <https://telemetry.mozilla.org/new-pipeline/dist.html#measure=WEBRTC_DTLS_CIPHER>
>
> Bug tracking the deactivation:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1227519 <https://bugzilla.mozilla.org/show_bug.cgi?id=1227519>
>
> Targeted release: Firefox 66
>
> Best
> Nils Ohlmeier
Please voice your concerns now, if you have any.
Best
Nils Ohlmeier
[1] https://telemetry.mozilla.org/new-pipeline/dist.html#!cumulative=0&end_date=2018-10-01&include_spill=0&keys=__none__!__none__!__none__&max_channel_version=beta%252F63&measure=WEBRTC_DTLS_CIPHER&min_channel_version=nightly%252F60&processType=*&product=Firefox&sanitize=0&sort_keys=submissions&start_date=2018-09-04&table=1&trim=0&use_submission_date=0
> On Aug 29, 2018, at 3:56 PM, Nils Ohlmeier <nohl...@mozilla.com> wrote:
>
> Summary:
>
> We are looking at removing the DHE cipher suites from the DTLS handshake in Firefox soon.
>
> Ciphers:
> - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
> - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
> are the two suites which we want to remove, because they are considered too weak.
>
> A Telemetry probe landed in Firefox 63 Nightly to monitor the usage of the different cipher suites:
> https://telemetry.mozilla.org/new-pipeline/dist.html#measure=WEBRTC_DTLS_CIPHER <https://telemetry.mozilla.org/new-pipeline/dist.html#measure=WEBRTC_DTLS_CIPHER>
>
> Bug tracking the deactivation:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1227519 <https://bugzilla.mozilla.org/show_bug.cgi?id=1227519>
>
> Targeted release: Firefox 66
>
> Best
> Nils Ohlmeier
0 new messages