cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [PATCH v3] TLS False Start support for NSS

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Fri, 20 Mar 2015 20:29:40 +0100

On Monday 09 March 2015 14:34:31 Alessandro Ghedini wrote:
> Hello,
>
> I updated the checks as Kamil suggested. Now False Start is only used with
> TLS 1.2, ECDHE and AES GCM like in newer firefox versions. This kind of
> reduces the False Start usability, since NSS doesn't enable ECC ciphers by
> default and they
> need to manually selected like so:
> > $ src/curl -v https://ghedini.me --ciphers ecdhe_rsa_aes_128_gcm_sha_256
> > --false-start
> But this may change in the future I suppose. Also, AFAICT NSS doesn't
> support AES 256 GCM, so there's that too, but I guess that in most servers
> if AES 256 is enabled, AES 128 will be as well.
>
> See attached patches.
>
> Cheers

I have pushed them:

https://github.com/bagder/curl/compare/a332922a52...1f651d1d4d

Thanks for the contribution!

Kamil
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2015-03-20

This message: [ Message body ]
Next message: Женя: "exception in libcurl"
Previous message: Patrick Monnerat: "RE: [PATCH] gtls: implement CURLOPT_CERTINFO"
In reply to: Alessandro Ghedini: "[PATCH v3] TLS False Start support for NSS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]