On 2010-03-05 15:58 PST, Wan-Teh Chang wrote:
> On Wed, Mar 3, 2010 at 4:05 AM, Jean-Marc Desperrier <jmd...@gmail.com> wrote:
>> TLS depends on the cipher-suites, and fortunately it's not hard-coded.
>>
>> Unfortunately, the first cipher suites using SHA256 are the ones defined in
>> TLS1.2 (RFC5246), and I believe the support for this RFC is still not
>> included by NSS.
>>
>> It would not be a lot of work to implement at least
>> TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256,
>> TLS_DH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as
>> it would just mean replacing SHA1 with SHA256 wrt the equivalent SHA1
>> suites, but it has not been done yet. I think an external contributor could
>> do it.
> 
> Yes.  Would you be interested in working on this?
> I found an existing request for TLS 1.2 in Bugzilla:
> https://bugzilla.mozilla.org/show_bug.cgi?id=480514
> 
> Wan-Teh

I believe we must also support TLS 1.1 if we wish to support TLS 1.2.
I'd suggest that anyone wishing to make a major new contribution to
NSS's SSL/TLS code start by working on TLS 1.1, then when they've
accomplished that, they'll have learned what they need to do to
accomplish TLS 1.2 (which will be MUCH more work than 1.1).
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
