I tried both the NSS_SSL_ENABLE_RENEGOTIATION env option and the SSL_ENABLE_RENEGOTIATION SSL_ options. Unfortunately, none of them seemed to work.

Cykesiopka

On Tue 2015-09-22 04:54 PM, Julien Pierre wrote:
That's odd. Were you using the correct NSS_SSL_ENABLE_RENEGOTIATION variable name and not SSL_ENABLE_RENEGOTIATION? SSL_ENABLE_RENEGOTIATION is an internal name for the socket option, but not the name of the environment variable.

Julien

On 9/21/2015 23:14, Cykesiopka wrote:
Hi Julien,

Thanks for the response. I tried all of the relevant options for SSL_ENABLE_RENEGOTIATION, but none of them seemed to work.

Reading the descriptions, it looks like these options have more to do with how NSS reacts to peers that send or don't send the renego extension.

Unfortunately, I need to test that Firefox prints out an appropriate web console message when connecting to a non-RFC5746 compliant server.
Currently, the NSS server seems to always send the extension.

Cykesiopka

On Mon 2015-09-21 05:43 PM, Julien Pierre wrote:
You can read about the following environment variable NSS_SSL_ENABLE_RENEGOTIATION <http://mxr.mozilla.org/security/search?string=NSS_SSL_ENABLE_RENEGOTIATION> at
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables

This may be all you need to set in your tests to change the extension behavior.
Julien

On 9/20/2015 23:50, Cykesiopka wrote:
Hi,

As part of my work on creating tests for https://bugzilla.mozilla.org/show_bug.cgi?id=883674, I need some way to control whether or not the NSS server sends the renegotiation extension.

My current idea is to add a debug-only SSL_ option for this (I have no interest in letting such an option be used in production).
Does this sound like a reasonable solution?

Or, maybe this already exists and I'm not looking in the right place?

Thanks,
Cykesiopka





--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
