Closed Bug 926773 Opened 8 years ago Closed 8 years ago

Reenable TLS_ECDHE_RSA_AES_GCM_SHA256 and TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256

Categories

(Core :: Security: PSM, defect)

defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 934663

People

(Reporter: emk, Unassigned)

References

Details

+++ This bug was initially created as a clone of Bug #926116 +++

We should backout the backout as soon as Bug 919677 lands in mozilla-central.
We can do this after we land an updated NSS.

However, the updated NSS enables OCSP fetching with OCSP GET by default with no way to disable it. That is a good thing too, but we need to test that this works correctly in Gecko. I am tempted to create a branch off of the NSS trunk that has everything that is in the NSS trunk except OCSP GET and tag that NSS_3_15_3_BETA1 because I am not sure if/when we're going to have time to verify that OCSP GET is working correctly. And/or we should add the option to NSS to disable OCSP GET support until we can get to that. Adding the option is probably best in the long-term anyway.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 934663
You need to log in before you can comment on or make changes to this bug.