665739 - Feature: Add support for TLS cached-information extension.

Status: RESOLVED WONTFIX

(NSS :: Libraries, enhancement, P5)

Description

[Robert Nishihara]

User-Agent:       Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.24 Safari/535.1
Build Identifier: nss-tip

This feature adds client and server support for the TLS cached-information extension. This extension allows the client to store server certificate chains in order to improve performance.

Reproducible: Always

Comment 2

[Robert Nishihara]

Attachment: This patch adds the cached-info feature.

Comment 3

[Robert Nishihara]

(In reply to comment #2)
> Created attachment 542510 [details] [diff] [review] [review]
> This patch adds the cached-info feature.

I forgot to include the fnv1a64.c file. I'll submit a new patch in a second.

Comment 4

[Robert Nishihara]

Attachment: This file was missing from my patch.

This is the file missing from my patch. It belongs in "/mozilla/security/nss/lib/ssl/".

Comment 6

[Kai Engert [:KaiE:]]

This feature could be useful to neutralize the size additions proposed with multi-OCSP-stapling (bug 611836).

Comment 7

[Wan-Teh Chang]

Attachment: Patch for NSS 3.12.9 used in Chromium

This is src/net/third_party/nss/patches/cachedinfo.patch in the
Chromium source tree, against NSS 3.12.9.  I attached it here for
reference only.

Comment 8

[Patrick McManus [:mcmanus]]

Purely FYI - The firefox telemetry for the last 30 days shows that roughly 30% of its handshakes would fit in IW2, 80% in IW3, and ~all of them in IW10.

firefox didn't have stapling of any flavor enabled during that window.. so the need would be expected to grow.

I'm curious if there is chrome (or other) data available and if it matches?

Comment 9

[BugBot [:suhaib / :marco/ :calixte]]

The bug assignee is inactive on Bugzilla, so the assignee is being reset.