Does anyone know how to set the priority order of SSL/TLS cipher suites in Safari on Mac OS X (10.7 ideally, but any version would be helpful)? Can't seem to find any documentation on that point.
Setting Safari SSL/TLS Cipher Suites
ssl
Best Answer
Unfortunately, AFAIK, this setting does not exist. (It doesn't exist in another WebKit browser, either: Google Chrome. You can do this in Firefox, though, using 'about:config'.)
About hard-coded cipher priorities/support for the SSL/TLS handshake:
I tested that Safari does not support 40-bit RC4 encryption with an MD5 hash. This means that it does not support some products that are required by US export law to use low (<64-bit) encryption.
See also:
http://www.carbonwind.net/blog/post/A-quick-look-over-some-browsers-and-their-SSLTLS-implementations.aspx
"Initially, in SSL/TLS negotiations, TLS with RSA and weak 128-bit RC4 keys are offered first and second in the cipher order. Worse, ECC (Elliptical Curve Cryptography), AES (Advanced Encryption Standard), and 256-bit keys are never offered as potential cipher choices; further, MD5 is offered first and more frequently than SHA-1, when it should be the other way around."
By Roger A. Grimes, Infoworld Feb 1, 2009 1:19 pm
http://www.pcworld.com/article/158706/how_secure_is_safari.html
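Since the order cannot be configured, the practical check is to read what a client actually offers. The sketch below is an added example, not part of the original answer: it extracts the cipher suite list, in the client's preference order, from a TLS ClientHello record such as one saved from a packet capture. The function names are hypothetical, and the sample record is constructed test data, not Safari's real offer.

```python
# Added example: list the cipher suites a TLS client offers, in preference order.
# Handles a ClientHello carried in one TLS record (not the old SSLv2-format hello).

# IANA names for a few suites relevant to the discussion above.
SUITE_NAMES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def offered_cipher_suites(record):
    """Return the cipher suite IDs of a ClientHello record, first = most preferred."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record holding a ClientHello")
    rec_len = int.from_bytes(record[3:5], "big")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(record) < 5 + rec_len or hs_len + 4 > rec_len or len(hello) < 35:
        raise ValueError("truncated or fragmented ClientHello")
    pos = 2 + 32                      # skip client_version and random
    pos += 1 + hello[pos]             # skip session_id (1-byte length prefix)
    if pos + 2 > len(hello):
        raise ValueError("truncated before cipher_suites")
    cs_len = int.from_bytes(hello[pos:pos + 2], "big")
    raw = hello[pos + 2:pos + 2 + cs_len]
    if cs_len % 2 or len(raw) != cs_len:
        raise ValueError("malformed cipher_suites vector")
    return [int.from_bytes(raw[i:i + 2], "big") for i in range(0, cs_len, 2)]

def describe(record):
    """Return (rank, name, is_weak) per offered suite; weak = export, RC4 or MD5."""
    rows = []
    for rank, suite in enumerate(offered_cipher_suites(record), start=1):
        name = SUITE_NAMES.get(suite, "0x%04X" % suite)
        weak = any(tag in name for tag in ("EXPORT", "RC4", "MD5"))
        rows.append((rank, name, weak))
    return rows

def build_sample_hello(suites):
    """Build a minimal ClientHello record (constructed test data, not a real capture)."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    hello = b"\x03\x01" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake

if __name__ == "__main__":
    for row in describe(build_sample_hello([0x0004, 0x0005, 0x002F, 0x0035])):
        print(row)
```

Suites missing from the small name table are reported by their hex ID and are not flagged as weak, so extend `SUITE_NAMES` from the IANA registry before relying on the flag.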