cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH v3] TLS False Start support for NSS

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Mon, 9 Mar 2015 14:34:31 +0100

Hello,

I updated the checks as Kamil suggested. Now False Start is only used with TLS
1.2, ECDHE and AES GCM like in newer firefox versions. This kind of reduces the
False Start usability, since NSS doesn't enable ECC ciphers by default and they
need to manually selected like so:

> $ src/curl -v https://ghedini.me --ciphers ecdhe_rsa_aes_128_gcm_sha_256 --false-start

But this may change in the future I suppose. Also, AFAICT NSS doesn't support
AES 256 GCM, so there's that too, but I guess that in most servers if AES 256
is enabled, AES 128 will be as well.

See attached patches.

Cheers

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

text/x-diff attachment: 0001-url-add-CURLOPT_SSL_FALSESTART-option.patch

text/x-diff attachment: 0002-nss-add-support-for-TLS-False-Start.patch

text/x-diff attachment: 0003-curl-add-false-start-option.patch

application/pgp-signature attachment: Digital signature

Received on 2015-03-09

This message: [ Message body ]
Next message: Kamil Dudka: "Re: [PATCH v3] TLS False Start support for NSS"
Previous message: Kamil Dudka: "Re: [PATCH v2] TLS False Start support for NSS"
Next in thread: Kamil Dudka: "Re: [PATCH v3] TLS False Start support for NSS"
Reply: Kamil Dudka: "Re: [PATCH v3] TLS False Start support for NSS"
Reply: Kamil Dudka: "Re: [PATCH v3] TLS False Start support for NSS"
Reply: Kamil Dudka: "Re: [PATCH v3] TLS False Start support for NSS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]