[Date Prev][Date Next]
Re: (ITS#7367) [PATCH] MozNSS: update list of supported cipher suites
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7367) [PATCH] MozNSS: update list of supported cipher suites
- From: firstname.lastname@example.org
- Date: Mon, 1 Oct 2012 15:54:16 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
> Full_Name: Jan Vcelak
> Version: git master
> OS: Linux
> URL: ftp://ftp.openldap.org/incoming/jvcelak-20120823-moznss-update-list-of-cipher-suites.patch
> Submission from: (NULL) (126.96.36.199)
> I'm attaching patch which updates the list of supported cipher suites for
> Mozilla NSS backend. All ciphers currently implemented in NSS (3.13.5) are
Recall what I said in ITS#7388 about an endless stream of patches to an
unmaintainable code base...
This is completely the wrong approach. There is no way you should be putting
hardcoded constants in libldap that are tied to specific MozNSS versions. The
MozNSS library needs to provide a cipher enumerator API.
There were 11 MozNSS patches in 2.4.32. Looks like 5 more waiting for review
here, plus 2 already committed for 2.4.33. We will not accept patches that
require constant revisiting every time NSS updates. This is too much. No more.
Tell the NSS guys to fix their design, or tell Red Hat to use a crypto library
that actually works for the intended purpose. MozNSS clearly doesn't.
> Default ciphers are selected on the same basis as in OpenSSL.
> NULL/EXPORT/LOW/MEDIUM/HIGH classification is taken from OpenSSL as well.
> The attached file is derived from OpenLDAP Software. All of the modifications to
> OpenLDAP Software represented in the following patch(es) were developed by Red
> Hat. Red Hat has not assigned rights and/or interest in this work to any party.
> I, Jan Vcelak am authorized by Red Hat, my employer, to release this work under
> the following terms.
> Red Hat hereby place the following modifications to OpenLDAP Software (and only
> these modifications) into the public domain. Hence, these modifications may be
> freely used and/or redistributed for any purpose with or without attribution
> and/or other notice.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/