Closed
Bug 1459824
Opened 6 years ago
Closed 5 years ago
Allow 0.5 RTT data from the server
Categories
(NSS :: Libraries, enhancement)
Tracking
(Not tracked)
RESOLVED
FIXED
3.40
People
(Reporter: mt, Assigned: mt)
Details
Attachments
(1 file)
This is relatively straightforward, but we want to be careful if the server requires client authentication.
Comment 1•6 years ago
It turns out that we never spent the time to enable this. It's relatively easy to do that, so here 'tis.

The real challenge is in determining where it is safe to send 0.5 RTT data. I've opted to disable it only if a client certificate is required. If a client certificate is requested, but optional, I figure that the server is expecting to have to query for certificates before sending anything that it might not want to send. I think that is sufficient for now.

However, if we ever do something like encrypted SNI, then we might want to revise this. I haven't thought that through completely, but we might want key confirmation before sending out information that might be conditioned on the server identity. Not sure how that could be exploited, but that seems like a place where extra caution is justified.
Comment 2•6 years ago
Comment on attachment 8973925
Bug 1459824 - Enable 0.5 RTT data from the server, r?ekr

Eric Rescorla (:ekr) has approved the revision.
Attachment #8973925 - Flags: review+
Assignee
Comment 3•5 years ago
https://hg.mozilla.org/projects/nss/rev/87b0372b6a2da431630336702ae8c2d0d0fdb04e landed in September 2018, but I neglected to close the bug here.
Status: NEW → RESOLVED
Closed: 5 years ago
QA Contact: jjones
Resolution: --- → FIXED
Target Milestone: --- → 3.40