From Fedora Project Wiki
(Created page with "{{QA/Test_Case |description=Using Firefox with crypto-policies |actions= We will try some basic stuff with Firefox. '''Attention:''' You need updated [https://koji.fedoraproje...") |
No edit summary |
||
| Line 2: | Line 2: | ||
|description=Using Firefox with crypto-policies | |description=Using Firefox with crypto-policies | ||
|actions= | |actions= | ||
We will try some basic stuff with Firefox. '''Attention:''' You need updated [https://koji.fedoraproject.org/koji/buildinfo?buildID=873855 nss-3.29.3-1.3.fc2] because of [https://bugzilla.mozilla.org/show_bug.cgi?id=1328318 bug] | We will try some basic stuff with Firefox. | ||
#'''Attention:''' You need updated [https://koji.fedoraproject.org/koji/buildinfo?buildID=873855 nss-3.29.3-1.3.fc2] (and also dependencies) because of [https://bugzilla.mozilla.org/show_bug.cgi?id=1328318 bug] | |||
#:<pre>dnf update https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-sysinit-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-tools-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-freebl-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-util/3.29.3/2.2.fc26/x86_64/nss-util-3.29.3-2.2.fc26.x86_64.rpm</pre> | |||
# Visit [https://www.ssllabs.com/ssltest/viewMyClient.html ssllabs site] with different profiles (LEGACY, DEFAULT, FUTURE - use <code>update-crypto-policies --set PROFILE</code> to switch them) | # Visit [https://www.ssllabs.com/ssltest/viewMyClient.html ssllabs site] with different profiles (LEGACY, DEFAULT, FUTURE - use <code>update-crypto-policies --set PROFILE</code> to switch them) | ||
# Try sites using exclusively [https://rc4.badssl.com RC4 ciphers], [https://3des.badssl.com 3DES ciphers], and [https://mozilla-modern.badssl.com modern ciphers] using different profiles | # Try sites using exclusively [https://rc4.badssl.com RC4 ciphers], [https://3des.badssl.com 3DES ciphers], and [https://mozilla-modern.badssl.com modern ciphers] using different profiles | ||
Revision as of 07:22, 30 March 2017
Description
Using Firefox with crypto-policies
How to test
We will try some basic stuff with Firefox.
- Attention: You need updated nss-3.29.3-1.3.fc2 (and also dependencies) because of bug
dnf update https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-sysinit-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-tools-3.29.3-1.3.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-freebl-3.29.3-1.0.fc26.x86_64.rpm https://kojipkgs.fedoraproject.org//packages/nss-util/3.29.3/2.2.fc26/x86_64/nss-util-3.29.3-2.2.fc26.x86_64.rpm
- Visit ssllabs site with different profiles (LEGACY, DEFAULT, FUTURE - use
update-crypto-policies --set PROFILEto switch them) - Try sites using exclusively RC4 ciphers, 3DES ciphers, and modern ciphers using different profiles
Expected Results
- roughly speaking:
- FUTURE should allow only TLSv1.2
- DEFAULT should also allow 3DES ciphers
- LEGACY should also allow RC4 ciphers
- RC4 should be accessible only with LEGACY, 3DES also with DEFAULT and modern also with FUTURE.