# Why Firefox under FreeBSD is so limited in cyphers ?



## abishai (Mar 19, 2017)

Here is https://test.abinet.ru with 2 cyphers enabled (
https://www.ssllabs.com/ssltest/analyze.html?d=test.abinet.ru&latest)

```
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)   ECDH secp384r1 (eq. 7680 bits RSA)   FS 256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)   ECDH secp384r1 (eq. 7680 bits RSA)   FS 128
```
Firefox under FreeBSD choose the second one, while the same Firefox under Linux or Windows picks up the first.

If I disable the latter, Firefox fails to connect at all, so looks like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 is inavailable for it.
Is it the problem with my FreeBSD installation or you have the same picture? It is slightly suspicious that top cyphers are unavailable.


----------



## drhowarddrfine (Mar 19, 2017)

I don't see where FreeBSD plays in what you show but perhaps this has something to do with it.


----------



## YuryG (Mar 20, 2017)

For me (FreeBSD-10.3 stable) Firefox uses the first cypher for your site (256_SHA384).


----------



## abishai (Mar 20, 2017)

drhowarddrfine said:


> I don't see where FreeBSD plays in what you show but perhaps this has something to do with it.


Your link contains discussion about server side mostly, anyway, Firefox uses security/nss


YuryG said:


> For me (FreeBSD-10.3 stable) Firefox uses the first cypher for your site (256_SHA384).


I found this one https://bugzilla.mozilla.org/show_bug.cgi?id=923089 and it looks fresh. Do you have ESR version or 'common' one ?
However, firefox-esr under windows uses first cypher. This is very confusing.


----------



## YuryG (Mar 21, 2017)

I have www/firefox (not -ESR, firefox-52.0.1,1 version, not the very latest, though).


----------



## abishai (Mar 21, 2017)

I was wrong. Firefox ESR under Windows doesn't pick up the first cypher. So, looks like even when nss supports (https://bugzilla.mozilla.org/show_bug.cgi?id=923089) necessary cyphers, ESR version is unaware about them available. Looks like we have to wait for ESR major bump.


----------

