Rich Megginson wrote:
On 10/03/2012 10:18 AM, Howard Chu wrote:
> Thanks for your comments, Rich.
>> Maybe we could use nss_compat_ossl to do the mapping of
>> from openssl to moznss?
> That makes sense to me, although if as you say it hasn't been actively
> maintained, that sounds like another problem. But certainly if other
> apps are using it, then aren't they going to want new cipher suite
> support too?
Yes, and imho nss_compat_ossl is the place to do this.
But, would it be possible to update the cipher suite list in tls_m.c
first, to bring it up to date, then work on updating the compat library?
I discussed this with Kurt; the Project's policy on issues like this in the
past has been not to commit any backward-compatibility fixes of this sort
until the real fix has already been released. I.e., we should wait until
nss_compat_ossl has been updated.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/