Closed Bug 1493215 Opened 6 years ago Closed 6 years ago

Enable AES-256-GCM ciphersuites by default in TLS 1.2

Categories

(NSS :: Libraries, enhancement)

enhancement
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: ueno, Unassigned)

Details

Attachments

(1 file)

In RHEL-7 downstream, we have enabled the following 4 AES-256-GCM ciphersuites by default:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384

Since those are also enabled in Firefox's default configuration, I guess it would make sense to enable them by default in NSS.
Attachment #9011004 - Flags: review?(kaie)
Martin, Franziskus, please let us know if you disagree.
Comment on attachment 9011004 [details] [diff] [review]
nss-enable-ciphersuites.patch

patch looks good
Attachment #9011004 - Flags: review?(kaie) → review+
Seems fine to me (and Franziskus is on leave, so that will have to do).

Note that we have a long-open issue regarding the use of exporters with these ciphersuites in Bug 1312976 that it would be good to resolve at some point.
Pushed as:
https://hg.mozilla.org/projects/nss/rev/aa7940a0d822
Status: NEW → RESOLVED
Closed: 6 years ago
QA Contact: franziskuskiefer
Resolution: --- → FIXED
Target Milestone: --- → 3.41