Gregory BELLIER wrote:
Ok, so it's still sha1 by default for S/Mime ?
Is it also sha1 by default for TLS ?
TLS depends on the cipher-suites, and fortunately it's not hard-coded.
Unfortunately, the first cipher suites using SHA256 are the one defined
in TLS1.2 (RFC5246), and I believe the support for this RFC is still not
included by NSS.
It would not be a lot of work to implement at least
TLS_RSA_WITH_AES_128_CBC_SHA256 , TLS_RSA_WITH_AES_256_CBC_SHA256 ,
TLS_DH_RSA_WITH_AES_128_CBC_SHA256 , TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
as it would just mean replacing SHA1 with SHA256 wrt the equivalent SHA1
suites, but it has not been done yet. I think an external contributor
could do it.
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
