Closed Bug 1342019 Opened 8 years ago Closed 8 years ago

selfserv doesn't allow setting SSL_REQUIRE_SAFE_NEGOTIATION

Categories

(NSS :: Tools, defect)

3.29
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: hkario, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170126153126

Steps to reproduce:
selfserv -h

Actual results:
no option allowing to set the SSL_REQUIRE_SAFE_NEGOTIATION option on socket

Expected results:
a command line option that will allow to require safe renegotiation on server side and reject connection without EMPTY_RENEGOTIATION_INFO_SCSV or renegotiation_info extension
Status: UNCONFIRMED → NEW
Ever confirmed: true
Hubert, I found that it's possible to set the environment variable NSS_SSL_REQUIRE_SAFE_NEGOTIATION=1 to change the default. Does that help you with selfserv testing?
In addition, you need to export NSS_SSL_ENABLE_RENEGOTIATION=1
Closing as WONTFIX. The environment variables appear to be sufficient, according to my testing. Going forward renegotiation will no longer be supported (in TLS 1.3), so I think we can skip adding this option.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
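The check the report asks the server to enforce, as an added example that is not part of the bug thread and is not NSS code: a ClientHello signals RFC 5746 support either with the EMPTY_RENEGOTIATION_INFO_SCSV cipher suite value or with the renegotiation_info extension. The function names and the sample hellos are constructed for illustration.

```python
SCSV = b"\x00\xff"                # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
RENEGOTIATION_INFO = b"\xff\x01"  # renegotiation_info extension type (RFC 5746)

def _vec(buf, pos, len_bytes):
    """Read a length-prefixed vector at pos; return (contents, next position)."""
    start = pos + len_bytes
    if start > len(buf):
        raise ValueError("truncated ClientHello")
    end = start + int.from_bytes(buf[pos:start], "big")
    if end > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[start:end], end

def signals_safe_renegotiation(body):
    """body: ClientHello handshake body, after the 4-byte handshake header."""
    _, pos = _vec(body, 2 + 32, 1)         # skip client_version, random; read session_id
    suites, pos = _vec(body, pos, 2)       # cipher_suites, 2 bytes each
    if len(suites) % 2:
        raise ValueError("odd cipher_suites length")
    _, pos = _vec(body, pos, 1)            # compression_methods
    found = any(suites[i:i + 2] == SCSV for i in range(0, len(suites), 2))
    if pos < len(body):                    # the extensions block is optional
        exts, _ = _vec(body, pos, 2)
        pos = 0
        while pos < len(exts):
            ext_type = exts[pos:pos + 2]
            _, pos = _vec(exts, pos + 2, 2)  # skip extension_data
            found = found or ext_type == RENEGOTIATION_INFO
    return found

def build_hello(suites, extensions=None):
    """Constructed sample ClientHello body (TLS 1.2, zero random, no session id)."""
    cs = b"".join(suites)
    body = b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs + b"\x01\x00"
    if extensions is not None:
        ex = b"".join(t + len(d).to_bytes(2, "big") + d for t, d in extensions)
        body += len(ex).to_bytes(2, "big") + ex
    return body

# Constructed samples: a legacy hello, one with the SCSV, one with the extension.
LEGACY = build_hello([b"\xc0\x2f"])
WITH_SCSV = build_hello([b"\xc0\x2f", SCSV])
WITH_EXT = build_hello([b"\xc0\x2f"], [(RENEGOTIATION_INFO, b"\x00")])

if __name__ == "__main__":
    for name, hello in [("legacy", LEGACY), ("scsv", WITH_SCSV), ("extension", WITH_EXT)]:
        print(name, "accept" if signals_safe_renegotiation(hello) else "reject")
```

A server that requires safe negotiation would refuse the handshake for the `LEGACY` sample and continue for the other two.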