959864 - Support DTLS 1.2

Status: RESOLVED FIXED

(NSS :: Libraries, enhancement, P2)

Description

[Wan-Teh Chang]

Attachment: Preliminary patch

Now that NSS supports TLS 1.2, it should not be hard to support DTLS 1.2.

The patch is probably incomplete. I wrote it by searching for "DTLS_1_0"
in the nss/lib/ssl directory.

The max allowed DTLS version is already DTLS 1.2. By default only DTLS 1.0
is enabled.

Comment 1

[Wan-Teh Chang]

Martin also wrote a patch in bug 996237.

Comment 2

[Martin Thomson [:mt:]]

Yeah, yours works better. I missed the HelloVerify bit. They are otherwise identical.

Comment 3

[Wan-Teh Chang]

Attachment: Patch v1 by Martin Thomson

This is Martin's patch from bug 996237.

Comment 4

[Wan-Teh Chang]

Attachment: Patch v2 by Martin Thomson

Martin, I added a few changes from my preliminary patch to your patch.
You can review the diffs against the v1 patch to see my changes. Thanks.

Comment 5

[Martin Thomson [:mt:]]

Comment on attachment 8430999 [details] [diff] [review]
Patch v2 by Martin Thomson

Review of attachment 8430999 [details] [diff] [review]:
-----------------------------------------------------------------

That looks correct.  And I can confirm that it works with itself and Chrome.  I'm in the process of trying to find more peers to test with; none of the ones I've tested with use HelloVerify, for instance.  Unit tests would really help with my confidence level here.

Comment 6

[Wan-Teh Chang]

Comment on attachment 8430999 [details] [diff] [review]
Patch v2 by Martin Thomson

Patch checked in: https://hg.mozilla.org/projects/nss/rev/c6c37cdbad0d