Hello,
The following set of patches allows restricting the algorithms,
protocols and methods used on TLS sessions. For example, with these
patches one can disable SHA1 signatures for certificate verification, or
a particular curve being used for TLS key exchange or certificate
verification. In addition, minimum limits for DH, RSA or DSA parameters
can be set (e.g., only allow RSA keys over 1024 bits), and the final two
patches allow the global configuration of these options using
pkcs11.txt.

regards,
Nikos

[PATCH 1/7] Restricts the SignatureAlgorithms in SSL based on the NSS
settings.
[PATCH 2/7] The NSS_G/SetAlgorithmPolicy functions can be used to
restrict the curves used in SSL.
[PATCH 3/7] Added functions to set and get numeric options for NSS.
[PATCH 4/7] The NSS_G/SetAlgorithmPolicy functions can be used to
restrict the curves used in cert verification
[PATCH 5/7] Check for acceptable certificate parameters when verifying
signatures.
[PATCH 6/7] Added config parameter.
[PATCH 7/7] Apply the NSS policies read by the config parameter.


-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
