On Fri, 2016-02-12 at 13:52 -0500, Rob Crittenden wrote:
> Is there a reason that SSL_ENABLE_SERVER_DHE exists? Why not simply not
> enable any DH ciphers?
>
> I ask because I'm looking to add some DH support and want to know how
> bad an idea it is to always enable this. I can't think of a downside as
> long as the ciphers are disabled server-side. What am I missing?

The usual strategy of NSS is not to enable new features by default, but let the application decide.

From how I understand your message, you assume that all DH ciphers are disabled by default? That's not true, NSS enables several of the DH ciphersuites by default, you could look at the table named cipherSuites in file lib/ssl/ssl3con.c.

If a ciphersuite is enabled, it's enabled for both server and client side connections.

Because older versions of NSS had already contained client side support for _DHE_, and as a consequence, applications might already have had those ciphers enabled, we had decided that upgrading to NSS 3.20 shouldn't come with the surprise that suddenly more ciphers are enabled on the server side.

By setting socket option SSL_ENABLE_SERVER_DHE to true, you confirm that you want to enable the server side support for DHE ciphersuites.

You might also want to have a look at the release notes of NSS 3.20, when SSL/TLS server side support for DHE was added:
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20_release_notes

Kai

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto