On Fri, May 31, 2013 at 12:19:27PM +0200, Bastien ROUCARIES wrote:
> On Fri, May 31, 2013 at 4:42 AM, brian m. carlson
> <sand...@crustytoothpaste.net> wrote:
> > NSS does not support TLS 1.2.  Since RC4 is not used securely in TLS,
> > and the only other choice in TLS 1.1 and earlier is block ciphers with
> > CBC, this means that there are no secure choices.  I know the lack of
> > TLS 1.2 support has caused customers of $DAYJOB endless heartache with
> > regard to PCI compliance.
> 
> Not true anymore:
> https://hg.mozilla.org/projects/nss/rev/5a9fa031aca5

Upstream bug 480514 is still open, and while it may have landed in the
main HEAD, it is not in any released version, and not in Debian.  It
would be irresponsible to transition to NSS when that would mean a
regression in security for users.

> > NSS supports fewer algorithms than either OpenSSL or GnuTLS.
> 
> Please file a bug:
> 
> Gnutls is really crappy about suid
> see http://lists.debian.org/debian-devel/2010/03/msg00298.html
> See also
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=543941
> 
> And OpenSSL has a problem with its license....

I'm not saying these problems don't exist, but they have no bearing on
the fact that OpenSSL and GnuTLS support far more algorithms.

Also, it's hard to tell what algorithms and protocols are supported (and
how to use NSS at all), since Debian does not include documentation and
much of the d.m.o documentation is seriously out of date.  We can't
expect everyone to switch to NSS without accurate, maintained, and
distributed documentation.

NSS is also slow to accept patches and new features upstream.  It took
quite a long time to get TLS 1.1 and TLS 1.2 in, even when not having
them in had negative security implications.

Finally, does NSS support OpenSSL-style algorithm specifications to
select the protocols and algorithms used?  Lots of programs expect to be
able to pass this information to the library, and parts of e.g. the
Postfix configuration would fail to work without it.  This functionality
is required for PCI compliance, which I'm sure is something lots of
Debian's users want.

I'm all for crypto consolidation, but only if doing so doesn't cause
regressions in security or functionality.  Right now, that doesn't seem
to be the case.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
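
The OpenSSL-style algorithm specification discussed in the message above, as an added example that is not part of the original e-mail: Python's ssl module (backed by OpenSSL) expands a cipher string into concrete suites and reports the minimum protocol each suite needs, which shows that AEAD (non-CBC, non-RC4) suites only exist from TLS 1.2 on. The two spec strings and the function names are assumptions chosen for illustration.

```python
import ssl

# Illustrative OpenSSL-style specs (assumptions, not taken from the thread).
AEAD_ONLY = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL"
BROAD = "DEFAULT"


def expand(spec):
    """Expand a cipher spec into (name, min_protocol, is_aead) tuples."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError:
        # OpenSSL rejects a spec that selects no suite available in this build.
        return []
    return [(c["name"], c["protocol"], bool(c.get("aead")))
            for c in ctx.get_ciphers()]


def aead_before_tls12(suites):
    """AEAD suites usable below TLS 1.2; the protocol defines none."""
    return [s for s in suites if s[2] and s[1] not in ("TLSv1.2", "TLSv1.3")]


def non_aead(suites):
    """Suites that are not AEAD (CBC block ciphers or stream ciphers)."""
    return [s for s in suites if not s[2]]


if __name__ == "__main__":
    for spec in (AEAD_ONLY, BROAD):
        suites = expand(spec)
        print(f"{spec!r}: {len(suites)} suites, "
              f"{len(non_aead(suites))} non-AEAD")
        for name, proto, aead in suites:
            kind = "AEAD" if aead else "non-AEAD"
            print(f"  {name:35} {proto:8} {kind}")
```

The suites listed depend on the OpenSSL build Python is linked against; TLS 1.3 suites appear in both lists because the cipher string does not control them.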
