
(ITS#7285) Mozilla NSS: default cipher suite always selected



Full_Name: Tim Strobell
Version: HEAD
OS: RHEL6
URL: ftp://ftp.openldap.org/incoming/tim-strobell-2012060401.patch
Submission from: (NULL) (2001:480:20:112:210:18ff:fe19:b000)


When using NSS, the default cipher suite selection is used even when
TLSCipherSuite is explicitly specified. This behavior was introduced in the
patch provided in ITS#6790.

At tls_m.c:2221...

        if ( lt->lt_ciphersuite &&
             tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
                   [ error, return ]
        } else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
                   [ error, return ]
        }

tlsm_parse_ciphers returns 0 on success; the else path is always followed and
overrides the previous cipher suite selection.
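
Added example, not part of the original report or of the OpenLDAP source: a stand-alone C model of the control flow quoted above, next to one way of separating the two branches so an explicitly configured suite is not silently replaced. `struct ctx`, `parse_ciphers`, both `configure_*` functions, `applied_after` and the `HIGH:MEDIUM` value are hypothetical stand-ins; the only property taken from the report is that the parser returns 0 on success.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the TLS context: remembers the last spec applied. */
struct ctx { char applied[64]; };

/* Stand-in for tlsm_parse_ciphers: same convention, 0 on success. */
static int parse_ciphers(struct ctx *c, const char *spec) {
    if (spec == NULL || *spec == '\0' || strlen(spec) >= sizeof c->applied)
        return -1;
    strcpy(c->applied, spec);
    return 0;
}

/* Control flow as quoted in the report. When the explicit suite parses
 * successfully the first condition is false (0), so the else-if runs too
 * and "DEFAULT" overwrites the explicit selection. */
static int configure_as_reported(struct ctx *c, const char *suite) {
    if (suite && parse_ciphers(c, suite)) {
        return -1;
    } else if (parse_ciphers(c, "DEFAULT")) {
        return -1;
    }
    return 0;
}

/* Assumed restructuring: choose the branch on whether a suite was configured,
 * then check the parser result inside that branch. */
static int configure_separated(struct ctx *c, const char *suite) {
    if (suite) {
        if (parse_ciphers(c, suite))
            return -1;
    } else if (parse_ciphers(c, "DEFAULT")) {
        return -1;
    }
    return 0;
}

/* Runs one variant on a fresh context and reports what ended up applied. */
static const char *applied_after(int (*cfg)(struct ctx *, const char *),
                                 const char *suite) {
    static struct ctx c;
    memset(&c, 0, sizeof c);
    return cfg(&c, suite) == 0 ? c.applied : "(error)";
}

int main(void) {
    const char *suite = "HIGH:MEDIUM"; /* constructed sample value */
    printf("as reported: %s\n", applied_after(configure_as_reported, suite));
    printf("separated:   %s\n", applied_after(configure_separated, suite));
    return 0;
}
```

In both variants an unset suite still falls back to `DEFAULT` and a suite that fails to parse is still reported as an error; only the success path for an explicit suite differs.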