Steffen Schulz wrote:

> Is there a reason for not activating TLS ciphersuites by default?

Yes, backwards binary compatibility. It is common for old products to replace their old NSS shared libraries with the latest ones to obtain the latest bug fixes (and/or vulnerability fixes). They do not want the behavior of NSS to change in incompatible ways when they do that. So, new features (such as new versions of TLS or new cipher suites) are never enabled by default. Applications that want them can easily enable them.

We reserve the right to change the defaults in "major" releases of NSS, such as 3.0, 4.0, etc. We changed the defaults when we released NSS 3.0. We enabled TLS 1.0 and numerous new cipher suites by default in NSS 3.0. If we ever release NSS 4.0, we will probably change the defaults again.

> I need to explicitly enable my TLS ciphersuites when using the 'server'
> sample application.

That's right.

> /steffen

--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto