Bug 1491118 (Open) - Opened 7 years ago, Updated 2 years ago

TLS 1.3: Offer a way to disable anti-replay

Categories: NSS :: Libraries, enhancement, P5

Tracking: Not tracked

Status: UNCONFIRMED

People: Reporter: vl.olteanu, Unassigned

Details: Whiteboard: [nss-nofx]

Currently, servers either reject early data, or accept it if using the library's built-in anti-replay feature. Some protocols running on top of TLS already offer replay protection (e.g. SOCKSv6 [1]), so it would be nice to have a third option: to accept early data indiscriminately. My suggestion is to either:

* modify SSL_SetupAntiReplay such that passing bits=0 makes all early data go through, or
* add a separate function like SSL_DisableAntiReplay.

[1] https://tools.ietf.org/html/draft-olteanu-intarea-socks-6-04
Severity: normal → S3
Severity: S3 → S4
Priority: -- → P5
Whiteboard: [nss-nofx]
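The "built-in anti-replay feature" the report refers to is configured through SSL_SetupAntiReplay, which takes a window length, a hash count k and a Bloom filter of 2^bits bits. The block below is an added example, not NSS code and not something attached to this bug: a toy C model of such a windowed Bloom-filter check, extended with the reporter's proposed semantics that bits=0 means "disabled, accept every ClientHello". The type and function names (AntiReplay, ar_init, ar_check, ar_scenario), the FNV-based hashing, and the tokens and timestamps in the scenario are all invented for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of a windowed Bloom-filter anti-replay check for TLS 1.3 0-RTT, with
 * SSL_SetupAntiReplay-style parameters (window, k hashes, 2^bits bits).  Example
 * code, not NSS's implementation.  bits == 0 models the reporter's proposal
 * (anti-replay disabled, every ClientHello accepted); NSS does not do that today. */
typedef struct {
    unsigned bits, k;       /* filter size 2^bits bits (0 = disabled, hypothetical); k hashes */
    uint64_t window, start; /* window length; start of the current window */
    size_t nbytes;          /* bytes per filter */
    uint8_t *cur, *prev;    /* tokens seen in the current / previous window */
} AntiReplay;

/* FNV-1a with a per-index seed, so the k hashes come from one function. */
static uint64_t hash_seeded(const uint8_t *p, size_t n, unsigned i)
{
    uint64_t h = 14695981039346656037ULL ^ (0x9E3779B97F4A7C15ULL * (uint64_t)(i + 1));
    for (size_t j = 0; j < n; j++) {
        h ^= p[j];
        h *= 1099511628211ULL;
    }
    return h;
}

bool ar_init(AntiReplay *ar, uint64_t now, uint64_t window, unsigned k, unsigned bits)
{
    memset(ar, 0, sizeof *ar);
    if (window == 0 || k == 0 || bits > 30) return false;
    ar->bits = bits; ar->k = k; ar->window = window; ar->start = now;
    if (bits == 0) return true;      /* hypothetical: no filters, ar_check accepts all */
    ar->nbytes = (((size_t)1 << bits) + 7) / 8;
    ar->cur = calloc(2, ar->nbytes); /* both filters live in one allocation */
    if (!ar->cur) return false;
    ar->prev = ar->cur + ar->nbytes;
    return true;
}

/* cur/prev get swapped, so free whichever pointer is at the allocation base. */
void ar_free(AntiReplay *ar)
{
    if (ar->cur) free(ar->cur < ar->prev ? ar->cur : ar->prev);
    ar->cur = ar->prev = NULL;
}

/* Slide the window pair forward so that it covers 'now'. */
static void ar_advance(AntiReplay *ar, uint64_t now)
{
    uint64_t elapsed = (now - ar->start) / ar->window;
    if (elapsed == 0) return;
    uint8_t *old = ar->prev;         /* current becomes previous; old previous is reused */
    ar->prev = ar->cur;
    ar->cur = old;
    memset(ar->cur, 0, ar->nbytes);
    if (elapsed > 1)                 /* the previous window was quiet too: forget it */
        memset(ar->prev, 0, ar->nbytes);
    ar->start += elapsed * ar->window;
}

/* True if early data may be accepted for this ClientHello, false if 0-RTT must be
 * refused (the handshake still completes without it).  'token' identifies the
 * ClientHello, e.g. a hash over it.  No false negatives: a replay inside the last
 * two windows is always caught.  The token is recorded even on refusal, so a
 * ClientHello that keeps being replayed never ages out of the filter. */
bool ar_check(AntiReplay *ar, uint64_t now, const uint8_t *token, size_t len)
{
    if (ar->bits == 0) return true;  /* proposed "disabled" behaviour: accept everything */
    if (now < ar->start) return false; /* clock went backwards: refuse 0-RTT conservatively */
    ar_advance(ar, now);
    uint64_t mask = ((uint64_t)1 << ar->bits) - 1;
    bool all_cur = true, all_prev = true;
    for (unsigned i = 0; i < ar->k; i++) {
        uint64_t pos = hash_seeded(token, len, i) & mask;
        size_t byte = (size_t)(pos >> 3);
        uint8_t bit = (uint8_t)(1u << (pos & 7));
        if (!(ar->cur[byte] & bit)) all_cur = false;
        if (!(ar->prev[byte] & bit)) all_prev = false;
        ar->cur[byte] |= bit;
    }
    return !(all_cur || all_prev);
}

/* Fixed scenario with constructed tokens; packs five accept(1)/refuse(0) results
 * into bits 0..4.  Expect 21 (0b10101) with bits=12 and 31 with bits=0. */
unsigned ar_scenario(unsigned bits)
{
    static const uint8_t a[] = "ClientHello-A", b[] = "ClientHello-B";
    AntiReplay ar;
    unsigned r = 0;
    if (!ar_init(&ar, 1000, 100, 3, bits)) return 0xFFFF;
    r |= (unsigned)ar_check(&ar, 1000, a, sizeof a) << 0; /* fresh token              */
    r |= (unsigned)ar_check(&ar, 1001, a, sizeof a) << 1; /* immediate replay         */
    r |= (unsigned)ar_check(&ar, 1050, b, sizeof b) << 2; /* a different ClientHello  */
    r |= (unsigned)ar_check(&ar, 1150, a, sizeof a) << 3; /* replay, one window later */
    r |= (unsigned)ar_check(&ar, 1350, a, sizeof a) << 4; /* after two quiet windows  */
    ar_free(&ar);
    return r;
}

int main(void)
{
    return (ar_scenario(12) == 21 && ar_scenario(0) == 31) ? 0 : 1;
}
```

Two caveats for anyone who actually turns the check off. A filter pair only remembers about two windows, which is why RFC 8446 (Section 8.2) has the server bound the ticket age against the window as well; with the filter disabled that bound is the only TLS-level limit left, and this toy does not model it. And once TLS accepts replays, the application protocol's own replay protection (SOCKSv6 in the report) has to cover every byte of early data: nothing with side effects may run before its duplicate check.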