Closed
Bug 1493215
Opened 6 years ago
Closed 6 years ago
Enable AES-256-GCM ciphersuites by default in TLS 1.2
Categories
(NSS :: Libraries, enhancement)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
3.41
People
(Reporter: ueno, Unassigned)
Details
Attachments
(1 file)
|
4.13 KB,
patch
|
KaiE
:
review+
|
Details | Diff | Splinter Review |
In RHEL-7 downstream, we have enabled the following 4 AES-256-GCM ciphersuites by default:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384
Since those are also enabled in the Firefox's default configuration, I guess it would make sense to enable them by default in NSS.
Attachment #9011004 -
Flags: review?(kaie)
|
||
Comment 1•6 years ago
|
||
Martin, Franziskus, please let us know if you disagree.
|
|
||
Comment 2•6 years ago
|
||
Comment on attachment 9011004 [details] [diff] [review]
nss-enable-ciphersuites.patch
patch looks good
Attachment #9011004 -
Flags: review?(kaie) → review+
|
||
Comment 3•6 years ago
|
||
Seems fine to me (and Franziskus is on leave, so that will have to do).
Note that we have a long open issue regarding the use of exporters with these ciphersuites in Bug 1312976 that it would be good to resolve at some point.
|
Reporter | |
Comment 4•6 years ago
|
||
Status: NEW → RESOLVED
Closed: 6 years ago
QA Contact: franziskuskiefer
Resolution: --- → FIXED
Target Milestone: --- → 3.41
You need to log in
before you can comment on or make changes to this bug.
Description
•