On Thu, 2021-01-21 at 14:21 +0900, Michael Paquier wrote:
> Also, what's the minimum version of NSS that would be supported?  It
> would be good to define an acceptable older version, to keep that
> documented and to track that perhaps with some configure checks (?),
> similarly to what is done for OpenSSL.

Some version landmarks:

- 3.21 adds support for extended master secret, which according to [1]
is required for SCRAM channel binding to actually be secure.
- 3.26 is Debian Stretch.
- 3.28 is Ubuntu 16.04, and RHEL6 (I think).
- 3.35 is Ubuntu 18.04.
- 3.36 is RHEL7 (I think).
- 3.39 gets us final TLS 1.3 support.
- 3.42 is Debian Buster.
- 3.49 is Ubuntu 20.04.

(I'm having trouble finding online package information for RHEL variants, so
I've pulled those versions from online support docs. If someone notices that
those are wrong please speak up.)

So 3.39 would guarantee TLS1.3 but exclude a decent chunk of still-
supported Debian-alikes. Anything less than 3.21 seems actively unsafe
unless we disable SCRAM with those versions.

Any other important landmarks (whether feature- or distro-related) we
need to consider?

--Jacob

[1] https://tools.ietf.org/html/rfc7677#section-4
