--On October 20, 2014 16:43:01 -0700 Julien Pierre <julien.pie...@oracle.com> wrote: > Hubert, > > On 10/20/2014 05:10, Hubert Kario wrote: >> So I went over the https://wiki.mozilla.org/Security/Server_Side_TLS >> article with a bit more attention to detail and I think we should >> extend it in few places. >> >> Especially if it is supposed to be also the general recommendation >> for servers, not just for ones that are part of Mozilla network. > This document seems to be fairly OpenSSL-centric. Some servers actually use > Mozilla's NSS library., as well as other libraries.
At this point, the OpenSSL-style cipher suite adjustment string has become a de-facto standard. So I believe NSS should be modified to follow that de-facto standard rather than expecting those writing security advice to do extra work: <https://bugzilla.mozilla.org/show_bug.cgi?id=967235> It's not a sexy change to NSS, but it would be very useful. Enterprise administrators of Firefox would probably appreciate this as well as server admins for servers using NSS. - Chris -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
