Open Bug 1963254 Opened 19 days ago

NSS should probe PKCS11 backend for supported curves

Categories

(NSS :: Libraries, enhancement)

Product:
NSS
Component:
Libraries
Type:
enhancement

Tracking

(Not tracked)

Status:
UNCONFIRMED

People

(Reporter: andrew, Unassigned)

Details

Steps to reproduce:

Tried to use NSS with a different PKCS11 backend.

Actual results:

ECC functions failed. NSS does not probe the token for supported curves when converting the ssl_named_groups to namedGroupPreferences, it assumes the token supports everything in that list.

If the curve NSS selects is not supported, the entire operation aborts, see tls13_SetupClientHello as one example of this.

Expected results:

NSS should at least run key generation operations to probe which curves are supported by the PKCS11 backend when generating namedGroupPreferences.

You need to log in before you can comment on or make changes to this bug.