Closed
Bug 1721426
Opened 4 years ago
Closed 3 years ago
NSS does not properly restrict server keys based on policy
Categories
(NSS :: Libraries, defect, P3)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rrelyea, Assigned: rrelyea)
Details
Attachments
(1 file)
When setting the key size using policy, NSS will still allow server keys of smaller size.
Updated • 4 years ago
Assignee: nobody → rrelyea
Updated • 4 years ago
Severity: -- → S4
Priority: -- → P3
Comment 1 • 3 years ago
When a server is connecting to a client that has no dh restriction, the server
will connect to the client with a weaker dh key even if the server has a
restricted dh key length.
The issue is the server doesn't look at the dh key policy when selecting a dh
group. This patch adds the dh key length policy to the dh group selection
code, and also adds a test to make sure that policy is enforced.
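The group selection described in Comment 1, as an added example that is not part of the bug report or the NSS patch: a server picks an RFC 7919 FFDHE group from the client's offer, first with the minimum key length ignored and then with it enforced. The names `dh_group`, `SERVER_GROUPS`, `select_dh_group` and `min_bits` are hypothetical and are not NSS identifiers; the client offers are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* RFC 7919 named FFDHE groups: TLS code point and modulus size in bits. */
typedef struct { unsigned id; unsigned bits; const char *name; } dh_group;

static const dh_group SERVER_GROUPS[] = {   /* server preference order */
    { 0x0100, 2048, "ffdhe2048" },
    { 0x0101, 3072, "ffdhe3072" },
    { 0x0102, 4096, "ffdhe4096" },
};
#define N_GROUPS (sizeof SERVER_GROUPS / sizeof SERVER_GROUPS[0])

/* Return the first server group the client also offered whose modulus is at
 * least min_bits, or NULL when none qualifies. Passing min_bits = 0 models
 * the behaviour the bug describes: the policy is never consulted. */
const dh_group *select_dh_group(const unsigned *offered, size_t n_offered,
                                unsigned min_bits)
{
    for (size_t i = 0; i < N_GROUPS; i++) {
        if (SERVER_GROUPS[i].bits < min_bits)
            continue;                   /* below policy: never negotiate it */
        for (size_t j = 0; j < n_offered; j++)
            if (offered[j] == SERVER_GROUPS[i].id)
                return &SERVER_GROUPS[i];
    }
    return NULL;    /* caller must not fall back to a weaker group */
}

int main(void)
{
    const unsigned offered[] = { 0x0100, 0x0101 };  /* constructed client offer */
    const dh_group *g = select_dh_group(offered, 2, 0);
    printf("policy ignored:    %s\n", g ? g->name : "none");
    g = select_dh_group(offered, 2, 3072);
    printf("policy enforced:   %s\n", g ? g->name : "none");
    g = select_dh_group(offered, 1, 3072);          /* client offers 2048 only */
    printf("only 2048 offered: %s\n", g ? g->name : "none");
    return 0;
}
```

A regression test for this class of bug should cover the last case as well: when the client offers nothing that meets the policy, no DH group is selected at all.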
Comment 2 • 3 years ago
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED