Bill Price wrote, On 2008-07-24 15:17: > I'm trying to do TLS using an ECC ciphersuite. I thought FF3 natively > supported it (ECC ciphersuites are enabled in about:config). Using normal > downloads of FF3 on either Linux or Windows I'm getting the error that > there's no common ciphersuite. Looking at SSLTap, both versions of FF3 > browser are not offering any of the ECC cipher suites. I tried a search but > did not quickly find any references on how to enable FF3 for ECC suites. Are > there instructions on how to do so somewhere? If the browser behavior is > based on the NSS libraries, can I have the browser reference an alternate > set of libraries (I have ECC enabled libraries in /usr/lib on a Fedora Core > 8 Linux system)? Any help or suggestions would be appreciated. Thanks.
I received a similar report from someone else by email on Tuesday. I verified that my SeaMonkey trunk nightly build is still supporting ECC. ECC is alive and well in the NSS team's own builds of NSS. As you may know, Firefox chooses not to use NSS's makefiles as-is, but instead chooses to change much about the way NSS is built. Consequently, NSS (as built in Firefox builds) is not identical to NSS as built and tested by the NSS team. The NSS team's tinderboxes and nightly QA tests test the NSS team's own builds. If mozilla browser people made a change to the way that FF3 builds NSS, such that FF3's NSS no longer included any ECC support, that would not be apparent to the NSS team in our own QA building & testing. So, I suspect (guess) that some change in FF3 builds has effectively disabled ECC. But that's just a guess. This is a job for the PSM team. _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
