On Thu, Sep 25, 2014 at 6:33 PM, Ilari Liusvaara < ilari.liusvaara@elisanet.fi> wrote: > > > > > > > isAEAD() > > > > > > when it should be: > > > > > > !isBlock() && !isStream() > > > > > > The former is a interoperability problem for future acceptable non AEAD > > > ciphers, while the later is not. > > > > > > > Trying to think this through.... > > > > Isn't that only true if we add a new non-AEAD ciphersuite in NSS and then > > forget > > to update the code in Firefox? > > Nope. Somebody WILL dynamically link the TLS librariesif the platform > supports dynamic linkage at all (and most non-constrained stuff does). > > And even if stock Firefox statically links NSS, there is at least one > rebranded one (checked the memory map) that dynamically links system > NSS (hello version skew!). > > firefox explicitly enables the cipher suites it supports - that isn't left to the defaults of nss.
Received on Thursday, 25 September 2014 17:47:57 UTC