Re: Discussion of 9.2.2

On Thu, Sep 25, 2014 at 6:33 PM, Ilari Liusvaara <
ilari.liusvaara@elisanet.fi> wrote:

>
> > >
> > >    isAEAD()
> > >
> > > when it should be:
> > >
> > >    !isBlock() && !isStream()
> > >
> > > The former is a interoperability problem for future acceptable non AEAD
> > > ciphers, while the later is not.
> > >
> >
> > Trying to think this through....
> >
> > Isn't that only true if we add a new non-AEAD ciphersuite in NSS and then
> > forget
> > to update the code in Firefox?
>
> Nope. Somebody WILL dynamically link the TLS librariesif the platform
> supports dynamic linkage at all (and most non-constrained stuff does).
>
>
And even if stock Firefox statically links NSS, there is at least one
> rebranded one (checked the memory map) that dynamically links system
> NSS (hello version skew!).
>
>
firefox explicitly enables the cipher suites it supports - that isn't left
to the defaults of nss.

Received on Thursday, 25 September 2014 17:47:57 UTC