[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7285) Mozilla NSS: default cipher suite always selected
The patch is fine. I was just about to send exactly the same. We have a
report in our bugzilla for this.
On Monday 04 of June 2012 21:56:08, tim.strobell.ctr@nrl.navy.mil wrote:
> Full_Name: Tim Strobell
> Version: HEAD
> OS: RHEL6
> URL: ftp://ftp.openldap.org/incoming/tim-strobell-2012060401.patch
> Submission from: (NULL) (2001:480:20:112:210:18ff:fe19:b000)
>
>
> When using NSS, the default cipher suite selection is used even when
> TLSCipherSuite is explicitly specified. This behavior was introduced in the
> patch provided in ITS#6790.
>
> At tls_m.c:2221...
>
> if ( lt->lt_ciphersuite &&
> tlsm_parse_ciphers( ctx, lt->lt_ciphersuite )) {
> [ error, return ]
> } else if ( tlsm_parse_ciphers( ctx, "DEFAULT" ) ) {
> [ error, return ]
> }
>
> tlsm_parse_ciphers returns 0 on success; the else path is always followed
> and overrides the previous cipher suite selection.