Open
Bug 1302502
Opened 9 years ago
Updated 3 years ago
Remove SSL_SECURITY option
Categories
(NSS :: Libraries, defect, P3)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: mt, Unassigned)
Details
Setting this option to false disables the use of SSL/TLS. We agreed 2016-09-13 that setting this to false should cause an error and that all the associated code can be removed.
|
Reporter | |
Comment 1•9 years ago
|
||
Firefox uses this: http://searchfox.org/mozilla-central/rev/f6c298b36db67a7109079c0dd7755f329c1d58e2/security/manager/ssl/nsNSSIOLayer.cpp#2448 We would need to change that (probably by adding and removing the SSL layer) before we could make this change.
|
||
Updated•8 years ago
|
Priority: -- → P3
|
||
Comment 2•7 years ago
|
||
:mt
What exactly I need to remove in this file?
Need to remove all related code?
https://searchfox.org/mozilla-central/search?q=SSL_SECURITY&path=
Flags: needinfo?(martin.thomson)
QA Contact: franziskuskiefer
|
|
Reporter | |
Comment 3•7 years ago
|
||
This is a tricky bug because https://searchfox.org/mozilla-central/rev/5b3b6b8fd9f90087f618c20382e631451136ed2b/security/manager/ssl/nsNSSIOLayer.cpp#2513 sets the option to false for startTLS and proxies. We would need to rework the networking code to use that.
The fix is probably to defer adding the SSL layer to the socket, but that means moving some of the initialization that happens here, which might mess with some of the invariants that other code depends on.
You probably need to ask one of the networking folks about how to test that change properly first. Try :nwgh perhaps.
Flags: needinfo?(martin.thomson)
|
||
Updated•3 years ago
|
Severity: normal → S3
You need to log in
before you can comment on or make changes to this bug.
Description
•