1
Is it possible to make a browser and a web server use SSL/TLS (https) with eNULL cipher for debugging purposes in a development environment (e.g. wireshark capture without setting up SSL stream decryption)?
Radko Dinev
Posted 2014-08-15T08:26:38.450
Reputation: 191
1
My research shows the following so far:
Mozilla Firefox: support for low/weak/null cipher suites has been removed (see mozilla bug 799007).
Chromium/Chrome: the first comment from mozilla bug 799007 also states lack of support either.
Internet Explorer: supports some of them but are off by default; the interesting cipher suites for my use-case and listed at (MSDN) Cipher Suites in Schannel are TLS_RSA_WITH_NULL_SHA, TLS_RSA_WITH_NULL_MD5, and possibly TLS_RSA_WITH_NULL_SHA256.
It seems that you can enable/disable and prioritize the ciphers following the instructions at (MSDN) Cryptography API: Next Generation, starting with Windows Server 2008 and Windows Vista.
Radko Dinev
Posted 2014-08-15T08:26:38.450
Reputation: 191