On Monday 09 March 2015 14:34:31 Alessandro Ghedini wrote: > Hello, > > I updated the checks as Kamil suggested. Now False Start is only used with > TLS 1.2, ECDHE and AES GCM like in newer firefox versions. This kind of > reduces the False Start usability, since NSS doesn't enable ECC ciphers by > default and they > need to manually selected like so: > > $ src/curl -v https://ghedini.me --ciphers ecdhe_rsa_aes_128_gcm_sha_256 > > --false-start > But this may change in the future I suppose. Also, AFAICT NSS doesn't > support AES 256 GCM, so there's that too, but I guess that in most servers > if AES 256 is enabled, AES 128 will be as well. > > See attached patches. > > Cheers
Thank you for the quick turnaround, Alessandro! It looks pretty good at first glance. However, I am just leaving for vacation and will not be able to look closer at this until I am back (March 18th). Thank you once again for working on this! Kamil ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
