Jean-Marc Desperrier wrote:
> This is quite a generic question about SSL, but it might have an impact
> on NSS.
>
> Let's imagine you have a strict policy of separating signature and
> encryption certificates and want to apply it to your SSL server certificate.

Today, NSS's libSSL only lets you have a single certificate for any key type. So, you can have at most one RSA cert, one DSA cert, and one ECC cert. If that one cert is limited to being only a signing cert or only a key encipherment cert, then you can only safely enable those cipher suites that use that type of cert. IOW, having a cert that only allows one of the two common usages limits you to using only about half of the cipher suites that use that type of key. We hope to lift libSSL's limitation of one cert per key type in some future release, but I can't say when.

> If you restrict your SSL server to only use EDH protocols, you don't
> need the keyEncipherment key usage and it seems to be OK.
>
> My question is do you need the keyAgreement key usage, then ?
>
> The trouble is that mozilla doc says you do :
> http://www.mozilla.org/projects/security/pki/nss/tech-notes/tn3.html
> SSLServer: KEY_AGREEMENT OR KEY_ENCIPHERMENT

That document also says:

    Note: When the required key usage is KEY_AGREEMENT OR KEY_ENCIPHERMENT,
    the actual key usage required depends on the key's algorithm. For RSA
    keys, the required usage is KEY_ENCIPHERMENT. For other types of keys,
    it is KEY_AGREEMENT.

That's how NSS is working today. It's wrong for DHE cipher suites and for the old "export" RSA cipher suites, both of which use RSA public keys for signing ephemeral public keys. Fixing it will be decidedly non-trivial.

> So theoretically should it be required or not ?
> And does NSS require it ?
>
> I think the answer might be "no" to the first and "yes" to the second,
> which would then be a bug in NSS.

https://bugzilla.mozilla.org/show_bug.cgi?id=237877

--
Nelson B
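The mismatch described in the reply above, as an added example that is not part of the original message and is not NSS code: it decodes a DER KeyUsage BIT STRING and compares the key-type rule quoted from tn3 with the usage each key exchange actually exercises. The function names, the key-exchange labels, the sample byte strings, and the mapping of "signing" to the RFC 5280 digitalSignature bit are assumptions made for illustration.

```python
# Added illustration, not NSS code. Bit order follows the RFC 5280 KeyUsage definition.
KU_BITS = ["digitalSignature", "nonRepudiation", "keyEncipherment",
           "dataEncipherment", "keyAgreement", "keyCertSign", "cRLSign",
           "encipherOnly", "decipherOnly"]

def parse_key_usage(der: bytes) -> set:
    """Decode the KeyUsage extension value (a DER BIT STRING) into usage names."""
    if len(der) < 3 or der[0] != 0x03:
        raise ValueError("not a DER BIT STRING")
    length, unused = der[1], der[2]
    if length >= 0x80 or length != len(der) - 2 or unused > 7:
        raise ValueError("malformed BIT STRING")
    usages = set()
    for i, name in enumerate(KU_BITS):
        byte_idx, bit = divmod(i, 8)
        # length counts the unused-bits octet, so length - 1 content bytes follow it
        if byte_idx < length - 1 and der[3 + byte_idx] & (0x80 >> bit):
            usages.add(name)
    return usages

def usage_needed_by_suite(kex: str) -> str:
    """Usage the handshake exercises for an RSA server key (hypothetical labels)."""
    # "RSA": the client encrypts the premaster secret to the server key.
    # "DHE_RSA" / "RSA_EXPORT": the server key only signs an ephemeral public key.
    return {"RSA": "keyEncipherment",
            "DHE_RSA": "digitalSignature",
            "RSA_EXPORT": "digitalSignature"}[kex]

def usage_required_by_key_type(key_type: str) -> str:
    """Rule quoted from tn3: RSA needs KEY_ENCIPHERMENT, other keys KEY_AGREEMENT."""
    return "keyEncipherment" if key_type == "RSA" else "keyAgreement"

def evaluate(der_ku: bytes, key_type: str, kex: str) -> dict:
    """Report whether the cert passes each rule for the given key exchange."""
    usages = parse_key_usage(der_ku)
    return {"per_suite_ok": usage_needed_by_suite(kex) in usages,
            "key_type_rule_ok": usage_required_by_key_type(key_type) in usages}

# Constructed sample KeyUsage values (not taken from any real certificate).
SIGN_ONLY = bytes([0x03, 0x02, 0x07, 0x80])  # digitalSignature only
ENC_ONLY = bytes([0x03, 0x02, 0x05, 0x20])   # keyEncipherment only

if __name__ == "__main__":
    for label, ku in (("sign-only", SIGN_ONLY), ("enc-only", ENC_ONLY)):
        for kex in ("RSA", "DHE_RSA", "RSA_EXPORT"):
            print(label, kex, evaluate(ku, "RSA", kex))
```

The two results disagree in both directions: a signing-only RSA cert fails the key-type rule although DHE_RSA only signs with it, and an encipherment-only RSA cert passes the key-type rule although DHE_RSA would use it to sign.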