Closed Bug 340043 Opened 14 years ago Closed 3 years ago
_ECDH" TLS client auth methods on client side
RFC 4492 (ECC in TLS) defines 3 methods for client authentication. NSS presently implements only the first one: ECDSA_sign which is most like the client auth method used with RSA certs. This RFE asks for NSS to implement the other two, ECDSA_fixed_ECDH RSA_fixed_ECDH on the client side, so that an NSS client can use these methods with a server that requests them.
This is something that I hope to discuss at one of the upcoming NSS meetings. I am going to argue that Firefox should NOT implement support for fixed DH or fixed ECDH client certificates. Avoiding these cipher suites will enable some more bypass-mode-like optimizations that I'm considering for Firefox to solve a variety of issues affecting Firefox.
Status: NEW → RESOLVED
Closed: 3 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.