Closed
Bug 1913675
Opened 1 year ago
Closed 1 year ago
Fuzz more SSL options used by Firefox with NSS TLS client fuzz target
Categories
(NSS :: Test, enhancement)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mdauer, Assigned: mdauer)
Details
(Keywords: sec-other)
Attachments
(1 file)
Running grep -Porh "SSL_OptionSet\(.+, \K.+(?=,)" | sort -u revealed the following options to be of interest:
- SSL_ENABLE_0RTT_DATA
- SSL_ENABLE_ALPN
- SSL_ENABLE_FALLBACK_SCSV
- SSL_ENABLE_OCSP_STAPLING
- SSL_ENABLE_SESSION_TICKETS
- SSL_ENABLE_TLS13_COMPAT_MODE
- SSL_NO_LOCKS
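The option-enumeration step from the description, extended into a coverage check, as an added example that is not part of the original bug report or the NSS tree: it extracts the second argument of each SSL_OptionSet call (including calls wrapped across lines, which a line-based grep misses) and lists the options a consumer sets that a fuzz target does not. The source snippets and the names `options_set` and `coverage_gap` are constructed for illustration.

```python
import re

# Second argument of SSL_OptionSet(<fd>, <OPTION>, <value>). [^,] and \s also
# match newlines, so calls wrapped across lines are found. Assumption: the
# first argument contains no comma (a plain identifier or member access).
CALL_RE = re.compile(r"\bSSL_OptionSet\s*\(\s*[^,]+?,\s*(\w+)\s*,")


def options_set(source):
    """Return the set of option names passed to SSL_OptionSet in `source`."""
    return set(CALL_RE.findall(source))


def coverage_gap(consumer_sources, fuzz_sources):
    """Options the consumer sets that the fuzz target never sets, sorted."""
    used = set().union(*map(options_set, consumer_sources))
    fuzzed = set().union(*map(options_set, fuzz_sources))
    return sorted(used - fuzzed)


# Constructed consumer snippet (not real Firefox code).
CONSUMER_SAMPLE = """
  if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, enabled)) {
    return NS_ERROR_FAILURE;
  }
  SSL_OptionSet(fd, SSL_ENABLE_ALPN, PR_TRUE);
  SSL_OptionSet(
      fd, SSL_ENABLE_0RTT_DATA,
      PR_TRUE);
"""

# Constructed fuzz-target snippet (not the real NSS TLS client target).
FUZZ_SAMPLE = """
  SSL_OptionSet(fd, SSL_ENABLE_ALPN, alpn);
"""

if __name__ == "__main__":
    for opt in coverage_gap([CONSUMER_SAMPLE], [FUZZ_SAMPLE]):
        print("not fuzzed:", opt)
```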
Comment 1•1 year ago (Assignee)
Updated•1 year ago (Assignee)
Group: mozilla-employee-confidential → crypto-core-security
CC list accessible: false
Not accessible to reporter
Summary: Add more SSL options used by Firefox to NSS fuzz targets → Fuzz more SSL options used by Firefox with NSS TLS client fuzz target
Updated•1 year ago
Attachment #9419682 -
Attachment description: WIP: Bug 1913675 - Add more options to tls client fuzz target → WIP: Bug 1913675 - Add more options to TLS client fuzz target
Updated•1 year ago
Attachment #9419682 -
Attachment description: WIP: Bug 1913675 - Add more options to TLS client fuzz target → Bug 1913675 - Add more options to TLS client fuzz target, r=#nss-reviewers
Updated•1 year ago
Attachment #9419682 -
Attachment description: Bug 1913675 - Add more options to TLS client fuzz target, r=#nss-reviewers → Bug 1913675 - Add more options to TLS client fuzz target, r=#nss-reviewers,freddyb
Updated•1 year ago
Attachment #9419682 -
Attachment description: Bug 1913675 - Add more options to TLS client fuzz target, r=#nss-reviewers,freddyb → Bug 1913675 - Add more options to TLS client fuzz target, r=#nss-reviewers
Comment 2•1 year ago (Assignee)
Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Resolution: --- → FIXED
Comment 3•1 year ago
Is this a security sensitive bug because the patch could find vulnerabilities? If so, once the patch runs cleanly once, we should be able to open this bug up. How to fuzz the code shouldn't be security sensitive :).
bob
Comment 4•1 year ago (Assignee)
Yeah, I was told to mark patches that could find vulnerabilities as security sensitive.
/cc djackson, jkratzer
Flags: needinfo?(djackson)
Comment 5•1 year ago
Yes, that's the right policy :-). Now that we've pushed the code we can open up the bug (since the code is public now anyway).
Group: crypto-core-security
Flags: needinfo?(djackson)