by jmillikin
4632 days ago
The browser and the server both have lists of ciphers they will permit. Any cipher shared between both endpoints can be used. Browsers permit connecting with non-FS ciphers because there are many, many servers out there with cipher lists based on older versions of SSL/TLS, and users would complain if they upgraded Firefox and couldn't connect to their bank. Servers permit connecting with non-FS ciphers because excluding them would block users with older browsers from accessing the server, and give them a confusing, unhelpful error page. It is possible for the server owner to permit only FS ciphers (and therefore impose a strict version requirement on browsers).
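The selection the comment above describes can be modelled in a few lines. This is an added example, not part of the comment: the suite names are real OpenSSL names, while the client and server lists and the function names are constructed for illustration. It also shows that a server with a legacy-ordered list can pick a non-FS suite even when both sides support an FS one.

```python
# Added illustration: models the cipher-suite selection described in the comment.
# Suite names are real OpenSSL names; the client and server lists are constructed.

FS_PREFIXES = ("ECDHE-", "DHE-")  # ephemeral (EC)DH key exchange gives forward secrecy


def is_forward_secret(suite):
    """True when the suite's key exchange is ephemeral Diffie-Hellman."""
    return suite.startswith(FS_PREFIXES)


def negotiate(client_offer, server_allowed, server_preference=True):
    """Return the suite both sides permit, or None (handshake failure).

    With server_preference the server's order wins; otherwise the client's.
    """
    if server_preference:
        ordered, other = server_allowed, set(client_offer)
    else:
        ordered, other = client_offer, set(server_allowed)
    for suite in ordered:
        if suite in other:
            return suite
    return None


def fs_only(suites):
    """Server policy from the comment's last sentence: drop every non-FS suite."""
    return [s for s in suites if is_forward_secret(s)]


# Constructed sample lists.
MODERN_CLIENT = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES128-SHA", "AES128-SHA"]
OLD_CLIENT = ["AES128-SHA", "DES-CBC3-SHA"]  # static-RSA key exchange only
LEGACY_SERVER = ["AES128-SHA", "ECDHE-RSA-AES128-GCM-SHA256", "DES-CBC3-SHA"]
STRICT_SERVER = fs_only(LEGACY_SERVER)

if __name__ == "__main__":
    for label, client in (("modern", MODERN_CLIENT), ("old", OLD_CLIENT)):
        for name, server in (("legacy", LEGACY_SERVER), ("strict", STRICT_SERVER)):
            chosen = negotiate(client, server)
            fs = chosen is not None and is_forward_secret(chosen)
            print(f"{label} client / {name} server -> {chosen} (FS: {fs})")
```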