New issue
Advanced search Search tips

Issue 400587 link

Starred by 3 users

Issue metadata

Status: Fixed
Owner:
Closed: Nov 2014
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug



Sign in to add a comment

Drop client-side support for RSA ServerKeyExchange

Project Member Reported by davidben@chromium.org, Aug 4 2014

Issue description

Filing this for playing with this later.

It looks like both NSS and OpenSSL (and thus BoringSSL) support a ServerKeyExchange message when doing an RSA key exchange. It looks like this is a remnant of RSA_EXPORT cipher suites but, judging by the code, both NSS and OpenSSL accept it for normal RSA as well. BoringSSL server-side support has been dropped, but client-side support remains.

Gather UMA on whether we actually see this in the wild. If not, shed that code from BoringSSL.
 
Status: Fixed
Turns out NSS didn't actually support it. It's gone from BoringSSL complete now.
https://boringssl.googlesource.com/boringssl/+/525a0fe315282ca1840f8f9f170c8a26ce5fab2a

Sign in to add a comment