Hi Julien,
Thanks for the response. I tried all of the relevant options for
SSL_ENABLE_RENEGOTIATION, but none of them seemed to work.
Reading the descriptions, it looks like these options have more to do
with how NSS reacts to peers that send or don't send the renego extension.
Unfortunately, I need to test that Firefox prints out an appropriate web
console message when connecting to a non-RFC5746 compliant server.
Currently, the NSS server seems to always send the extension.
Cykesiopka
On Mon 2015-09-21 05:43 PM, Julien Pierre wrote:
|You can read about the following environment variable
NSS_SSL_ENABLE_RENEGOTIATION
<http://mxr.mozilla.org/security/search?string=NSS_SSL_ENABLE_RENEGOTIATION>
at
|https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables
This may be all you need to set in your tests to change the extension
behavior .
Julien
On 9/20/2015 23:50, Cykesiopka wrote:
Hi,
As part of my work on creating tests for
https://bugzilla.mozilla.org/show_bug.cgi?id=883674, I need some way
to control whether or not the NSS server sends the renegotiation
extension.
My current idea is to add a debug only SSL_ option for this (I have
no interest in letting such an option be used in production).
Does this sound like a reasonable solution?
Or, maybe this already exists and I'm not looking in the right place?
Thanks,
Cykesiopka
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
