Closed Bug 926773 Opened 11 years ago Closed 11 years ago

Reenable TLS_ECDHE_RSA_AES_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 934663

People

(Reporter: emk, Unassigned)

References

Details

+++ This bug was initially created as a clone of Bug #926116 +++ We should backout the backout as soon as Bug 919677 lands in mozilla-central.
We can do this after we land an updated NSS. However, the updated NSS enables OCSP fetching with OCSP GET by default with no way to disable it. That is a good thing too, but we need to test that this works correctly in Gecko. I am tempted to create a branch off of the NSS trunk that has everything that is in the NSS trunk except OCSP GET and tag that NSS_3_15_3_BETA1 because I am not sure if/when we're going to have time to verify that OCSP GET is working correctly. And/or we should add the option to NSS to disable OCSP GET support until we can get to that. Adding the option is probably best in the long-term anyway.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.