Re: [exim-dev] [exim] 4.80 RC2 TLS interop between GnuTLS an…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJanne Snabb at <-
MJanne Snabb at ->
Delete this message
Reply to this message
Author: Phil Pennock
Date:  
To: Janne Snabb
CC: exim-dev
Subject: Re: [exim-dev] [exim] 4.80 RC2 TLS interop between GnuTLS and NSS
On 2012-05-21 at 02:45 +0700, Janne Snabb wrote:
> On 2012-05-21 01:34, Janne Snabb wrote:
> > Maybe NSS is unable to create/use bigger keys than 2048 bits?
>
> I found the actual limit in NSS sources in
> mozilla/security/nss/lib/freebl/blapit.h:

You are awesome. Thank you.

> http://sourceforge.net/mailarchive/forum.php?thread_name=4C81BB9E.9010808%40iang.org&forum_name=ssllabs-discuss
>
> Something like the patch below might be needed. Disgusting :(.

I'll make it an Exim tunable option as a max clamp and default it to the
NSS value of 2236.

Then I'll cut RC3.

I've separately fixed that tls_require_ciphers was being ignored, sorry
about that.

-Phil

This message was posted to the following mailing lists:
Exim-dev
Mailing List Info | Nearby Messages		<-Re: [exim-dev] 4.80 RC2 / GnuTLS 2.12.19: tls_require_ciphers (server side) ignoredRe: [exim-dev] Merge commit message->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)