Hi, from what I understand, the function "ssl3_CreateECDHEphemeralKeys" in "nss/lib/ssl/ssl3ecc.c" doesn't really create ephemeral keys, but caches the keys per curve for the whole lifetime of the application. This leads to the same keypair being used for all connections that use the same curve.
Is this intended or am I missing something? What is the usual way to propose a patch that changes this behaviour to create a new keypair every time the function is called? Thanks and best regards, Joachim -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
