From Fedora Project Wiki

Description

Using Firefox with crypto-policies


How to test

We will try some basic stuff with Firefox.

  1. Attention: you need the updated nss-3.29.3-1.3.fc26 (and its dependencies) because of a bug, e.g. (x86_64 architecture):
    dnf update \
      https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-3.29.3-1.3.fc26.x86_64.rpm \
      https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-sysinit-3.29.3-1.3.fc26.x86_64.rpm \
      https://kojipkgs.fedoraproject.org//packages/nss/3.29.3/1.3.fc26/x86_64/nss-tools-3.29.3-1.3.fc26.x86_64.rpm \
      https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-3.29.3-1.0.fc26.x86_64.rpm \
      https://kojipkgs.fedoraproject.org//packages/nss-softokn/3.29.3/1.0.fc26/x86_64/nss-softokn-freebl-3.29.3-1.0.fc26.x86_64.rpm \
      https://kojipkgs.fedoraproject.org//packages/nss-util/3.29.3/2.2.fc26/x86_64/nss-util-3.29.3-2.2.fc26.x86_64.rpm
  2. Visit the ssllabs site under each profile (LEGACY, DEFAULT, FUTURE); use update-crypto-policies --set PROFILE to switch between them
  3. Try sites that exclusively use RC4 ciphers, 3DES ciphers, and modern ciphers under each profile

Expected Results

  1. roughly speaking:
    1. FUTURE should allow only TLSv1.2
    2. DEFAULT should also allow 3DES ciphers
    3. LEGACY should also allow RC4 ciphers
  2. Sites using only RC4 should be accessible only with LEGACY, 3DES sites also with DEFAULT, and modern sites also with FUTURE.
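
Before opening Firefox, the expected results above can be checked against the NSS back-end file that crypto-policies generates. The script below is an added example, not part of the original test case: the function names, the sample config lines (constructed) and the NSS policy token names `rc4`, `des-ede3-cbc` and `tls-version-min=tls1.2` are assumptions, as is the back-end path shown in the comment.

```shell
#!/bin/sh
# Added example: compare an nss.config-style policy file with the expected
# results on this page (LEGACY: RC4+3DES, DEFAULT: 3DES, FUTURE: TLSv1.2 only).
# Live use (assumed path):
#   check_profile LEGACY /etc/crypto-policies/back-ends/nss.config

# Print the colon-separated allow= list of file $1, one token per line.
nss_allowed() {
    sed -n 's/.*allow=\([^" ]*\).*/\1/p' "$1" | tr ':' '\n'
}

# Return 0 if token $2 is in the allow list of file $1 (exact, case-insensitive).
nss_allows() {
    nss_allowed "$1" | grep -ixF -- "$2" >/dev/null
}

# check_profile PROFILE FILE: print each mismatch, return non-zero if any.
check_profile() {
    profile=$1 file=$2 rc=0
    case $profile in
        LEGACY)  want_rc4=yes want_3des=yes ;;
        DEFAULT) want_rc4=no  want_3des=yes ;;
        FUTURE)  want_rc4=no  want_3des=no  ;;
        *) echo "unknown profile: $profile" >&2; return 2 ;;
    esac
    got_rc4=no;  nss_allows "$file" rc4 && got_rc4=yes
    got_3des=no; nss_allows "$file" des-ede3-cbc && got_3des=yes
    [ "$got_rc4" = "$want_rc4" ] ||
        { echo "$profile: rc4 allowed=$got_rc4, expected $want_rc4"; rc=1; }
    [ "$got_3des" = "$want_3des" ] ||
        { echo "$profile: 3des allowed=$got_3des, expected $want_3des"; rc=1; }
    if [ "$profile" = FUTURE ] && ! nss_allows "$file" 'tls-version-min=tls1.2'; then
        echo "FUTURE: tls-version-min is not tls1.2"; rc=1
    fi
    return $rc
}

# Write a constructed sample policy line for profile $1 into file $2
# (illustrative only, not copied from a real system).
write_sample() {
    case $1 in
        LEGACY)  c='aes128-gcm:des-ede3-cbc:rc4:tls-version-min=tls1.0' ;;
        DEFAULT) c='aes128-gcm:des-ede3-cbc:tls-version-min=tls1.0' ;;
        FUTURE)  c='aes256-gcm:tls-version-min=tls1.2' ;;
    esac
    printf 'config="disallow=ALL allow=%s"\n' "$c" > "$2"
}
```

A mismatch here means the policy file itself is wrong for the active profile, which separates a crypto-policies problem from a Firefox one when a site behaves unexpectedly in steps 2 and 3.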