curl-library

Re: [PATCH v3] TLS False Start support for NSS

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Fri, 20 Mar 2015 13:34:34 +0100

On Wed, Mar 18, 2015 at 08:05:52 +0100, Kamil Dudka wrote:
> On Monday 09 March 2015 14:34:31 Alessandro Ghedini wrote:
> > Hello,
> >
> > I updated the checks as Kamil suggested. Now False Start is only used with
> > TLS 1.2, ECDHE and AES GCM like in newer Firefox versions. This kind of
> > reduces the False Start usability, since NSS doesn't enable ECC ciphers by
> > default and they need to be manually selected like so:
> >
> >   $ src/curl -v https://ghedini.me --ciphers ecdhe_rsa_aes_128_gcm_sha_256 --false-start
> >
> > But this may change in the future I suppose. Also, AFAICT NSS doesn't
> > support AES 256 GCM, so there's that too, but I guess that in most servers
> > if AES 256 is enabled, AES 128 will be as well.
> >
> > See attached patches.
> >
> > Cheers
>
> Hi Alessandro,
>
> sorry for the delay. I have reviewed the patches and they look perfect to me.
> Two minor remarks about the documentation -- the CURLOPT_SSL_FALSESTART.3 man
> page is not added to Makefile.am and the option is not mentioned in the
> curl_easy_setopt.3 man page -- both trivial to fix.

Should I send updated patches for this?

Cheers

Received on 2015-03-20