Rich Megginson wrote:
On 10/03/2012 10:18 AM, Howard Chu wrote:
Thanks for your comments, Rich.
Maybe we could use nss_compat_ossl to do the mapping of cipher names from openssl to moznss?
That makes sense to me, although if as you say it hasn't been actively maintained, that sounds like another problem. But certainly if other apps are using it, then aren't they going to want new cipher suite support too?
Yes, and imho nss_compat_ossl is the place to do this.
But, would it be possible to update the cipher suite list in tls_m.c first, to bring it up to date, then work on updating the compat library?
I discussed this with Kurt; the Project's policy on issues like this in the past has been not to commit any backward-compatibility fixes of this sort until the real fix has already been released. I.e., we should wait until nss_compat_ossl has been updated.
-
hyc@symas.com