Closed
Bug 1304926
Opened 8 years ago
Closed 8 years ago
Enable 25519 key exchange
Categories
(Core :: Security: PSM, defect, P2)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
mozilla52
Tracking | Status | |
---|---|---|
firefox52 | --- | fixed |
People
(Reporter: mt, Assigned: mt)
References
Details
(Whiteboard: [psm-backlog])
Attachments
(1 file)
We currently leave the default groups enabled, which could be problematic on some systems, particularly for performance. When doing so, we should also ensure that we call SSL_SendAdditionalKeyShares so that we generate P-256 shares as well as 25519 shares. That will affect TLS 1.3 when that's enabled, and we could miss it (there is a theory that all the servers will have 25519, but that's not certain yet). Recommended groups and their order: 25519, P-256, P384, FFDHE2048, FFDHE3072.
Priority: -- → P2
Whiteboard: [psm-backlog]
Comment hidden (mozreview-request) |
Assignee | ||
Updated•8 years ago
|
Assignee: nobody → martin.thomson
Comment hidden (mozreview-request) |
Comment 3•8 years ago
|
||
mozreview-review |
Comment on attachment 8794709 [details] Bug 1304926 - Enable specific named groups, https://reviewboard.mozilla.org/r/81040/#review79758 LGTM once enough of bug 1304919 lands.
Attachment #8794709 -
Flags: review?(dkeeler) → review+
Pushed by martin.thomson@gmail.com: https://hg.mozilla.org/integration/mozilla-inbound/rev/27e8b32dea3e Enable specific named groups, r=keeler
Comment 5•8 years ago
|
||
bugherder |
https://hg.mozilla.org/mozilla-central/rev/27e8b32dea3e
Status: NEW → RESOLVED
Closed: 8 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
You need to log in
before you can comment on or make changes to this bug.
Description
•