On Wed, Mar 11, 2009 at 3:35 PM, Jean-Marc Desperrier <jmd...@alussinan.org> wrote: > > Are you thinking about adding support for the SHA256 based cipher-suites > from RFC5246 ? I really think SHA-2 support in TLS should be high priority, > the more given that it's little work to implement.
I'm interested in seeing TLS 1.2 implemented in NSS, but it's not as little work as you said. We may also need to implement TLS 1.1 at the same time because TLS doesn't have a way to for a client to announce that it supports TLS 1.2 and 1.0, but not 1.1. SHA-1 in TLS 1.0 is used in two places: - In conjunction with MD5 in the PRF - in HMAC-SHA-1 > PS : You seem to be missing reference to the updated version of TLS > standard/algorithms in the links down the page, even those you do implement. We only implemented TLS 1.0 (RFC 2246). We haven't implemented TLS 1.1 (RFC 4346) and TLS 1.2 (RFC 5246). Are you referring to the RFCs that specify the AES and ECC cipher suites for TLS? Wan-Teh -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
