On Thu, Mar 19, 2020 at 08:39:24AM -0700, Kevin Jacobs wrote:
> SSL_OptionSet with SSL_ENABLE_EXTENDED_MASTER_SECRET will do the trick, but
> I'm not aware of a config file option for this.
> NSS 3.48 enabled this by default, so if you're able to use a newer version,
> it should "just work".

This says is was supported as of 3.2.1:

For 3.48 to be enabled by default, but it was introduced in 3.2.1,
implies to me that when it was introduced, it was not enabled, but
enableable.  I have no idea what that mechanism might be.

Anyway, I guess the next step is to engage the mod_nss people

I appreciate the pointers!

> Thanks,
> Kevin

Brian Reichert                          <reich...@numachi.com>
BSD admin/developer at large    
dev-tech-crypto mailing list

Reply via email to