Closed Bug 1875158 Opened 9 months ago Closed 9 months ago

Avoid listing xyber768 in supported groups when security.tls.enable_kyber is false

Categories

(Core :: Security: PSM, enhancement, P1)

Tracking

()

RESOLVED FIXED
123 Branch
Tracking Status
firefox123 --- fixed

People

(Reporter: jschanck, Assigned: jschanck)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Some TLS servers will send a hello retry request to force the use of xyber768 when it is listed in the client's supported groups extension but not offered. This can cause xyber768 to be used even when security.tls.enable_kyber is false, which will make it difficult to analyze the results of our experiment in Bug 1874959. We should disable xyber768 using NSS policy controls when security.tls.enable_kyber is false.
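A simplified model of the negotiation described above, as an added example that is not part of the bug report or of the Firefox/NSS code. The server preference order, the classical group names, the `policy_applied` parameter, and the assumption that a client with the pref enabled also sends an xyber768 key share are all constructed for illustration.

```python
# Added illustration: simplified TLS 1.3 group selection with HelloRetryRequest.
# Constructed assumption: this server prefers xyber768 over classical groups.
SERVER_PREFS = ["xyber768", "x25519", "secp256r1"]


def server_negotiate(server_prefs, supported_groups, key_shares):
    """Pick the server's most-preferred group the client lists as supported.

    If the client listed the group but sent no key share for it, the
    server answers with a HelloRetryRequest naming that group.
    """
    for group in server_prefs:
        if group in supported_groups:
            if group in key_shares:
                return ("server_hello", group)
            return ("hello_retry_request", group)
    return ("handshake_failure", None)


def client_hello(enable_kyber, policy_applied):
    """Build (supported_groups, key_shares) for a hypothetical client.

    policy_applied=False models the behaviour the bug describes: xyber768
    stays in supported_groups even though the pref is off and no share is sent.
    policy_applied=True models the requested behaviour: the group is dropped
    from supported_groups whenever the pref is off.
    """
    supported = ["x25519", "secp256r1"]
    key_shares = ["x25519"]
    if enable_kyber:
        supported.insert(0, "xyber768")
        key_shares.insert(0, "xyber768")  # assumption: offered when enabled
    elif not policy_applied:
        supported.insert(0, "xyber768")   # listed but not offered
    return supported, key_shares


def handshake(server_prefs, enable_kyber, policy_applied):
    """Return (negotiated_group, used_hello_retry_request)."""
    supported, shares = client_hello(enable_kyber, policy_applied)
    action, group = server_negotiate(server_prefs, supported, shares)
    retried = False
    if action == "hello_retry_request":
        # The client retries with a share for the group the server named.
        shares = [group]
        retried = True
        action, group = server_negotiate(server_prefs, supported, shares)
    return group, retried
```

With the pref off and no policy gate, the model negotiates xyber768 after a retry; with the gate applied, the same server settles on x25519 in a single flight.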

Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/389c6fb2c518
set NSS policy flags based on the value of the security.tls.enable_kyber pref. r=keeler
Status: ASSIGNED → RESOLVED
Closed: 9 months ago
Resolution: --- → FIXED
Target Milestone: --- → 123 Branch