ECH (Retry-)Config bugs
Categories
(NSS :: Libraries, defect, P1)
Tracking
(Not tracked)
People
(Reporter: lschwarz, Assigned: lschwarz)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
- NSS client does not check that server ECH extensions containing retry configs are only allowed in the EncryptedExtensions message (and therefore can only be sent by TLS > 1.3 servers).
- NSS client does not check if a server illegally sent an ECH extension containing retry configs even though it accepted ECH.
- NSS fails when setting an ECH config containing an unsupported mandatory extension instead of just skipping it and trying to set possible further extensions.
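The behaviour the third item asks for, as an added example (not NSS code and not part of the bug report): a client walks an ECHConfigList, skips a config that carries an unsupported mandatory extension, and continues with the next one. Assumptions: the ECHConfig layout of version `0xfe0d`, mandatory extensions marked by the high bit of the extension type, a client that supports no ECH config extensions, and a malformed entry rejecting the whole list; all names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
typedef struct { const uint8_t *p; size_t n; } cur;  /* bounded read cursor */
static int take(cur *c, size_t k, cur *out) {        /* consume k bytes */
    if (c->n < k) return -1;
    if (out) { out->p = c->p; out->n = k; }
    c->p += k; c->n -= k;
    return 0;
}
static int num(cur *c, int bytes, unsigned *v) {     /* big-endian integer */
    cur b;
    if (take(c, (size_t)bytes, &b)) return -1;
    for (*v = 0; bytes--; b.p++) *v = (*v << 8) | *b.p;
    return 0;
}
static int vec(cur *c, int pfx, cur *out) {          /* length-prefixed vector */
    unsigned len;
    return num(c, pfx, &len) ? -1 : take(c, len, out);
}
/* ECHConfigContents: 1 = usable, 0 = skip this config, -1 = malformed */
static int contents_usable(cur c) {
    cur exts; unsigned type; int usable = 1;
    if (take(&c, 3, NULL) || vec(&c, 2, NULL) || vec(&c, 2, NULL) || /* id+kem, key, suites */
        take(&c, 1, NULL) || vec(&c, 1, NULL) ||          /* max name length, public_name */
        vec(&c, 2, &exts) || c.n) return -1;              /* extensions; no trailing bytes */
    while (exts.n) {
        if (num(&exts, 2, &type) || vec(&exts, 2, NULL)) return -1;
        if (type & 0x8000) usable = 0;  /* mandatory, and this client supports none */
    }
    return usable;
}
/* Index of first usable ECHConfig; -1 if none; -2 if the list is malformed */
int ech_pick_config(const uint8_t *list, size_t len) {
    cur c = { list, len }, all, body; unsigned ver;
    if (vec(&c, 2, &all) || c.n) return -2;
    for (int i = 0; all.n; i++) {
        if (num(&all, 2, &ver) || vec(&all, 2, &body)) return -2;
        if (ver != 0xfe0d) continue;        /* unknown version: ignore the entry */
        int r = contents_usable(body);
        if (r < 0) return -2;
        if (r == 1) return i;               /* r == 0: skip it, try the next config */
    }
    return -1;
}
static const uint8_t SAMPLE[] = { 0x00,0x34,  /* constructed list, placeholder 4-byte keys */
    0xfe,0x0d,0x00,0x18,0x01,0x00,0x20,0x00,0x04,0xaa,0xaa,0xaa,0xaa,0x00,0x04,0x00,0x01,
    0x00,0x01,0x00,0x01,0x61,0x00,0x04,0xff,0x01,0x00,0x00, /* config 0: extension 0xff01 */
    0xfe,0x0d,0x00,0x14,0x02,0x00,0x20,0x00,0x04,0xbb,0xbb,0xbb,0xbb,0x00,0x04,0x00,0x01,
    0x00,0x01,0x00,0x01,0x61,0x00,0x00 };                   /* config 1: no extensions */
int main(void) { return ech_pick_config(SAMPLE, sizeof SAMPLE) == 1 ? 0 : 1; }
```

The sketch checks extensions only; a real client would also confirm that it supports the KEM and cipher suites of the config it selects.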
Comment 1•2 years ago
Depends on D151489
Comment 2•2 years ago
The severity field is not set for this bug.
:beurdouche, could you have a look please?
For more information, please visit auto_nag documentation.
Comment 3•2 years ago
There's a r+ patch which didn't land and no activity in this bug for 2 weeks.
:lschwarz, could you have a look please?
If you still have some work to do, you can add an action "Plan Changes" in Phabricator.
For more information, please visit auto_nag documentation.