Closed
Bug 340043
Opened 18 years ago
Closed 7 years ago
Implement "fixed_ECDH" TLS client auth methods on client side
Categories
(NSS :: Libraries, enhancement, P4)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: nelson, Unassigned)
References
()
Details
RFC 4492 (ECC in TLS) defines 3 methods for client authentication. NSS presently implements only the first one: ECDSA_sign which is most like the client auth method used with RSA certs. This RFE asks for NSS to implement the other two, ECDSA_fixed_ECDH RSA_fixed_ECDH on the client side, so that an NSS client can use these methods with a server that requests them.
Reporter | ||
Updated•18 years ago
|
Priority: -- → P4
Comment 1•14 years ago
|
||
This is something that I hope to discuss at one of the upcoming NSS meetings. I am going to argue that Firefox should NOT implement support for fixed DH or fixed ECDH client certificates. Avoiding these cipher suites will enable some more bypass-mode-like optimizations that I'm considering for Firefox to solve a variety of issues affecting Firefox.
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•