Re: (ITS#7367) [PATCH] MozNSS: update list of supported cipher suites

jvcelak@redhat.com wrote:
> Full_Name: Jan Vcelak
> Version: git master
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/jvcelak-20120823-moznss-update-list-of-cipher-suites.patch
> Submission from: (NULL) (
> I'm attaching a patch which updates the list of supported cipher suites for
> Mozilla NSS backend. All ciphers currently implemented in NSS (3.13.5) are
> included.

Recall what I said in ITS#7388 about an endless stream of patches to an 
unmaintainable code base...

This is completely the wrong approach. There is no way you should be putting 
hardcoded constants in libldap that are tied to specific MozNSS versions. The 
MozNSS library needs to provide a cipher enumerator API.

There were 11 MozNSS patches in 2.4.32. Looks like 5 more waiting for review 
here, plus 2 already committed for 2.4.33. We will not accept patches that 
require constant revisiting every time NSS updates. This is too much. No more.

Tell the NSS guys to fix their design, or tell Red Hat to use a crypto library 
that actually works for the intended purpose. MozNSS clearly doesn't.

> Default ciphers are selected on the same basis as in OpenSSL.
> NULL/EXPORT/LOW/MEDIUM/HIGH classification is taken from OpenSSL as well.
> The attached file is derived from OpenLDAP Software. All of the modifications to
> OpenLDAP Software represented in the following patch(es) were developed by Red
> Hat. Red Hat has not assigned rights and/or interest in this work to any party.
> I, Jan Vcelak am authorized by Red Hat, my employer, to release this work under
> the following terms.
> Red Hat hereby place the following modifications to OpenLDAP Software (and only
> these modifications) into the public domain. Hence, these modifications may be
> freely used and/or redistributed for any purpose with or without attribution
> and/or other notice.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/