increasing NSS DH bitlength limits

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri May 25 17:40:33 UTC 2012


I'm not sure if pkg-mozilla is the right place to discuss NSS
configuration options; please redirect me to a better forum if one exists.

NSS is currently limited in the size of its allowed DH negotiation.
Recent versions of GnuTLS default to using DH parameter sizes (as
recommended by NIST) that exceed the sizes supported by versions of NSS
earlier than 3.13.4.

  https://bugzilla.mozilla.org/show_bug.cgi?id=636802

The fix appears to be a one-line change of a #define in blapit.h.

As more services come online using newer versions of GnuTLS (configured
to use DHE-RSA or other DH cipher suites), older NSS-using clients are
likely to fail to connect with those services in a user-unfriendly way.

Upstream plans to increase the limit from the current (low) 2236 bits to
16K.

Is this fix something that we want to consider bringing into the stable
release for debian so that stable NSS-using clients can connect to newer
servers?

If so, i'm happy to open a bug about it and propose a patch and contact
the release-team to try to push for this in the next point release.
However, i don't want to take that route if the NSS maintainers (Mike
Hommey in particular?) have an objection to this plan.

Also, given that the fix is a change in a header file, i suppose it's
possible that some libNSS users actually have compiled the old
hard-coded value into their programs.  i don't know what (if anything)
we can do about that, other than updating nss and then requesting
binNMUs on problematic packages :(  I'd be happy to hear other ideas,
though.

Thoughts?  Suggestions?

	--dkg
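Added example, not part of dkg's message and not NSS or GnuTLS code: a small Python script that parses the ServerDHParams structure a DHE server sends in its ServerKeyExchange (dh_p, dh_g, dh_Ys, each as a 2-byte length followed by a big-endian integer) and reports whether the prime's bit length fits under the old NSS cap quoted above (2236 bits) or the planned 16K one. The interop failure described in the post is exactly this check failing on the client side, so this is a way to predict, from a captured or constructed handshake, which clients will reject a server's group. The prime below is a constructed placeholder with the right bit length, not a real DH group, and the limit constants are taken from the numbers in the post rather than read from any NSS header.

```python
import struct

# Limits quoted in the post: the old hard-coded NSS cap and the planned new one.
NSS_OLD_MAX_P_BITS = 2236
NSS_NEW_MAX_P_BITS = 16384


def encode_dh_params(p: int, g: int, ys: int) -> bytes:
    """Encode ServerDHParams as on the wire: opaque<1..2^16-1> for dh_p, dh_g, dh_Ys."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def parse_dh_params(buf: bytes) -> tuple:
    """Parse ServerDHParams from the start of a ServerKeyExchange body.

    Returns (dict with dh_p/dh_g/dh_Ys as ints, bytes consumed). Raises
    ValueError on truncated or zero-length fields instead of silently
    reading garbage, which is what a hardened parser should do.
    """
    vals = {}
    off = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if off + 2 > len(buf):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", buf, off)
        off += 2
        if n == 0 or off + n > len(buf):
            raise ValueError(f"bad {name} length {n}")
        vals[name] = int.from_bytes(buf[off:off + n], "big")
        off += n
    return vals, off


def check_against_limit(p: int, max_p_bits: int) -> dict:
    """Mimic a client that refuses any DH prime wider than its compiled-in cap."""
    bits = p.bit_length()
    return {"p_bits": bits, "max_p_bits": max_p_bits, "accepted": bits <= max_p_bits}


def survey_sizes(sizes=(1024, 2048, 3072, 4096)) -> dict:
    """For each candidate prime size, say whether old and new NSS caps would accept it."""
    result = {}
    for bits in sizes:
        p = (1 << (bits - 1)) | 1  # constructed: correct width, not a prime
        result[bits] = {
            "old_nss": check_against_limit(p, NSS_OLD_MAX_P_BITS)["accepted"],
            "new_nss": check_against_limit(p, NSS_NEW_MAX_P_BITS)["accepted"],
        }
    return result


if __name__ == "__main__":
    # Constructed 3072-bit "prime" standing in for a GnuTLS-style NIST-sized group.
    p_3072 = (1 << 3071) | 1
    wire = encode_dh_params(p_3072, 2, 12345)
    params, used = parse_dh_params(wire)
    print(f"parsed {used} bytes, dh_p is {params['dh_p'].bit_length()} bits")
    for cap in (NSS_OLD_MAX_P_BITS, NSS_NEW_MAX_P_BITS):
        print(check_against_limit(params["dh_p"], cap))
    for bits, verdict in survey_sizes().items():
        print(f"{bits}-bit p: old NSS accepts={verdict['old_nss']}, "
              f"new NSS accepts={verdict['new_nss']}")
```

Run it directly to see that a 2048-bit group squeaks under the 2236-bit cap while 3072-bit and larger groups do not, which is why a server that follows the newer GnuTLS defaults breaks older NSS clients even though both sides are otherwise configured correctly. To check a real server, feed the bytes of its ServerKeyExchange (after the 4-byte handshake header) to parse_dh_params.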
