On Friday 20 March 2015 13:34:34 Alessandro Ghedini wrote: > On mer, mar 18, 2015 at 08:05:52 +0100, Kamil Dudka wrote: > > On Monday 09 March 2015 14:34:31 Alessandro Ghedini wrote: > > > Hello, > > > > > > I updated the checks as Kamil suggested. Now False Start is only used > > > with > > > TLS 1.2, ECDHE and AES GCM like in newer firefox versions. This kind of > > > reduces the False Start usability, since NSS doesn't enable ECC ciphers > > > by > > > default and they > > > > > > need to manually selected like so: > > > > $ src/curl -v https://ghedini.me --ciphers > > > > ecdhe_rsa_aes_128_gcm_sha_256 > > > > --false-start > > > > > > But this may change in the future I suppose. Also, AFAICT NSS doesn't > > > support AES 256 GCM, so there's that too, but I guess that in most > > > servers > > > if AES 256 is enabled, AES 128 will be as well. > > > > > > See attached patches. > > > > > > Cheers > > > > Hi Alessandro, > > > > sorry for the delay. I have reviewed the patches and they look perfect to > > me. Two minor remarks about the documentation -- the > > CURLOPT_SSL_FALSESTART.3 man page is not added to Makefile.am and the > > option is not mentioned in the curl_easy_setopt.3 man page -- both > > trivial to fix. > > Should I send updated patches for this? > > Cheers
No need to send patches for such trivial changes. I will merge it later today hopefully. Sorry for the delays! Kamil ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
