bugzilla.mozilla.org has resumed normal operation. Attachments prior to 2014 will be unavailable for a few days. This is tracked in Bug 1475801.
Please report any other irregularities here.

Reject ECDSA server certificates that don't include 'digitalSignature' keyUsage

RESOLVED WONTFIX

Status

NSS
Libraries
RESOLVED WONTFIX
a year ago
a year ago

People

(Reporter: ttaubert, Assigned: ttaubert)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

This bug is about BoGo test ECDSAKeyUsage-TLS1*. When a keyUsage extension is defined for an ECDSA server certificate we should check that it contains the 'digitalSignature' bit. If a server tries to use an ECDH certificate for ssl_auth_ecdsa suites we should reject it.
(Assignee)

Updated

a year ago
Status: ASSIGNED → RESOLVED
Last Resolved: a year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.