cURL / Mailing Lists / curl-library / Single Mail


[PATCH v3] TLS False Start support for NSS

From: Alessandro Ghedini <>
Date: Mon, 9 Mar 2015 14:34:31 +0100


I updated the checks as Kamil suggested. Now False Start is only used with TLS
1.2, ECDHE and AES GCM like in newer firefox versions. This kind of reduces the
False Start usability, since NSS doesn't enable ECC ciphers by default and they
need to manually selected like so:

> $ src/curl -v --ciphers ecdhe_rsa_aes_128_gcm_sha_256 --false-start

But this may change in the future I suppose. Also, AFAICT NSS doesn't support
AES 256 GCM, so there's that too, but I guess that in most servers if AES 256
is enabled, AES 128 will be as well.

See attached patches.


List admin:

Received on 2015-03-09