Closed
Bug 1875158
Opened 9 months ago
Closed 9 months ago
Avoid listing xyber768 in supported groups when security.tls.enable_kyber is false
Categories
(Core :: Security: PSM, enhancement, P1)
Core
Security: PSM
Tracking
()
RESOLVED
FIXED
123 Branch
Tracking | Status | |
---|---|---|
firefox123 | --- | fixed |
People
(Reporter: jschanck, Assigned: jschanck)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
Some TLS servers will send a hello retry request to force the use of xyber768 when it is listed in the client's supported groups extension but not offered. This can cause xyber768 to be used even when security.tls.enable_kyber
is false, which will make it difficult to analyze the results of our experiment in Bug 1874959. We should disable xyber768 using NSS policy controls when security.tls.enable_kyber
is false.
Assignee | ||
Comment 1•9 months ago
|
||
Pushed by jschanck@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/389c6fb2c518
set NSS policy flags based on the value of the security.tls.enable_kyber pref. r=keeler
Comment 3•9 months ago
|
||
bugherder |
Status: ASSIGNED → RESOLVED
Closed: 9 months ago
status-firefox123:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 123 Branch
You need to log in
before you can comment on or make changes to this bug.
Description
•