cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH v3] TLS False Start support for NSS

From: Kamil Dudka <>
Date: Mon, 09 Mar 2015 16:00:11 +0100

On Monday 09 March 2015 14:34:31 Alessandro Ghedini wrote:
> Hello,
> I updated the checks as Kamil suggested. Now False Start is only used with
> TLS 1.2, ECDHE and AES GCM like in newer firefox versions. This kind of
> reduces the False Start usability, since NSS doesn't enable ECC ciphers by
> default and they
> need to manually selected like so:
> > $ src/curl -v --ciphers ecdhe_rsa_aes_128_gcm_sha_256
> > --false-start
> But this may change in the future I suppose. Also, AFAICT NSS doesn't
> support AES 256 GCM, so there's that too, but I guess that in most servers
> if AES 256 is enabled, AES 128 will be as well.
> See attached patches.
> Cheers

Thank you for the quick turnaround, Alessandro! It looks pretty good at first
glance. However, I am just leaving for vacation and will not be able to look
closer at this until I am back (March 18th). Thank you once again for working
on this!

List admin:
Received on 2015-03-09