
Re: (ITS#7285) Mozilla NSS: default cipher suite always selected



The patch is fine.  I was just about to send exactly the same. We have a 
report in our bugzilla for this.

On Monday 04 of June 2012 21:56:08, tim.strobell.ctr@nrl.navy.mil wrote:
> Full_Name: Tim Strobell
> Version: HEAD
> OS: RHEL6
> URL: ftp://ftp.openldap.org/incoming/tim-strobell-2012060401.patch
> Submission from: (NULL) (2001:480:20:112:210:18ff:fe19:b000)
> 
> 
> When using NSS, the default cipher suite selection is used even when
> TLSCipherSuite is explicitly specified. This behavior was introduced in the
> patch provided in ITS#6790.
> 
> At tls_m.c:2221...
> 
>         if ( lt->lt_ciphersuite &&
>              tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
>                    [ error, return ]
>         } else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
>                    [ error, return ]
>         }
> 
> tlsm_parse_ciphers returns 0 on success; the else path is always followed
> and overrides the previous cipher suite selection.
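The control flow described in the report, as an added example that is not part of the original message or of OpenLDAP's code. `demo_ctx`, `demo_parse_ciphers`, `configure_buggy`, `configure_fixed` and `effective_suite` are hypothetical stand-ins, the cipher string is a constructed sample, and `configure_fixed` is one possible restructuring, not the submitted patch:

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the TLS context: remembers the last suite applied. */
struct demo_ctx { char applied[64]; };

/* Stand-in for tlsm_parse_ciphers(): returns 0 on success, nonzero on failure. */
int demo_parse_ciphers(struct demo_ctx *ctx, const char *suite)
{
    if (*suite == '\0' || strlen(suite) >= sizeof ctx->applied)
        return -1;
    strcpy(ctx->applied, suite);
    return 0;
}

/* Control flow as quoted in the report: a successful parse yields 0, so the
 * first condition is false and the "DEFAULT" branch runs as well. */
int configure_buggy(struct demo_ctx *ctx, const char *configured)
{
    if (configured && demo_parse_ciphers(ctx, configured)) {
        return -1;
    } else if (demo_parse_ciphers(ctx, "DEFAULT")) {
        return -1;
    }
    return 0;
}

/* Assumed restructuring: pick the string first, then parse exactly once. */
int configure_fixed(struct demo_ctx *ctx, const char *configured)
{
    return demo_parse_ciphers(ctx, configured ? configured : "DEFAULT") ? -1 : 0;
}

/* Returns the suite left in effect after configuration, or NULL on error. */
const char *effective_suite(int (*configure)(struct demo_ctx *, const char *),
                            const char *configured)
{
    static struct demo_ctx ctx;
    memset(&ctx, 0, sizeof ctx);
    return configure(&ctx, configured) == 0 ? ctx.applied : NULL;
}

int main(void)
{
    const char *wanted = "HIGH:!aNULL"; /* constructed sample TLSCipherSuite value */
    printf("buggy: %s\n", effective_suite(configure_buggy, wanted));
    printf("fixed: %s\n", effective_suite(configure_fixed, wanted));
    return 0;
}
```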