[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#7367) [PATCH] MozNSS: update list of supported cipher suites

Rich Megginson wrote:
> On 10/03/2012 10:18 AM, Howard Chu wrote:
>> Thanks for your comments, Rich.

>>> Maybe we could use nss_compat_ossl to do the mapping of cipher names
>>> from openssl to moznss?
>> That makes sense to me, although if as you say it hasn't been actively
>> maintained, that sounds like another problem. But certainly if other
>> apps are using it, then aren't they going to want new cipher suite
>> support too?
> Yes, and imho nss_compat_ossl is the place to do this.
> But, would it be possible to update the cipher suite list in tls_m.c
> first, to bring it up to date, then work on updating the compat library?

I discussed this with Kurt; the Project's policy on issues like this in the 
past has been not to commit any backward-compatibility fixes of this sort 
until the real fix has already been released. I.e., we should wait until 
nss_compat_ossl has been updated.

   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/