On Thu, Mar 19, 2020 at 08:39:24AM -0700, Kevin Jacobs wrote: > SSL_OptionSet with SSL_ENABLE_EXTENDED_MASTER_SECRET will do the trick, but > I'm not aware of a config file option for this. > > NSS 3.48 enabled this by default, so if you're able to use a newer version, > it should "just work".
This says is was supported as of 3.2.1: https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes For 3.48 to be enabled by default, but it was introduced in 3.2.1, implies to me that when it was introduced, it was not enabled, but enableable. I have no idea what that mechanism might be. Anyway, I guess the next step is to engage the mod_nss people directly. I appreciate the pointers! > > Thanks, > Kevin -- Brian Reichert <reich...@numachi.com> BSD admin/developer at large -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto