Enable 25519 key exchange

RESOLVED FIXED in Firefox 52

Status

()

Core
Security: PSM
P2
normal
RESOLVED FIXED
a year ago
a year ago

People

(Reporter: mt, Assigned: mt)

Tracking

unspecified
mozilla52
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox52 fixed)

Details

(Whiteboard: [psm-backlog])

MozReview Requests

()

Submitter Diff Changes Open Issues Last Updated
Loading...
Error loading review requests:

Attachments

(1 attachment)

(Assignee)

Description

a year ago
We currently leave the default groups enabled, which could be problematic on some systems, particularly for performance.

When doing so, we should also ensure that we call SSL_SendAdditionalKeyShares so that we generate P-256 shares as well as 25519 shares.  That will affect TLS 1.3 when that's enabled, and we could miss it (there is a theory that all the servers will have 25519, but that's not certain yet).

Recommended groups and their order: 25519, P-256, P384, FFDHE2048, FFDHE3072.
(Assignee)

Updated

a year ago
See Also: → bug 1304927
Priority: -- → P2
Whiteboard: [psm-backlog]
Comment hidden (mozreview-request)
(Assignee)

Updated

a year ago
Assignee: nobody → martin.thomson
Comment hidden (mozreview-request)

Comment 3

a year ago
mozreview-review
Comment on attachment 8794709 [details]
Bug 1304926 - Enable specific named groups,

https://reviewboard.mozilla.org/r/81040/#review79758

LGTM once enough of bug 1304919 lands.
Attachment #8794709 - Flags: review?(dkeeler) → review+

Comment 4

a year ago
Pushed by martin.thomson@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/27e8b32dea3e
Enable specific named groups, r=keeler

Comment 5

a year ago
bugherder
https://hg.mozilla.org/mozilla-central/rev/27e8b32dea3e
Status: NEW → RESOLVED
Last Resolved: a year ago
status-firefox52: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
Blocks: 1309859
You need to log in before you can comment on or make changes to this bug.