New issue
Advanced search Search tips

Issue 400587 link

Starred by 3 users

Issue metadata

Status: Fixed
Closed: Nov 2014
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 2
Type: Bug

Sign in to add a comment

Drop client-side support for RSA ServerKeyExchange

Project Member Reported by, Aug 4 2014

Issue description

Filing this for playing with this later.

It looks like both NSS and OpenSSL (and thus BoringSSL) support a ServerKeyExchange message when doing an RSA key exchange. It looks like this is a remnant of RSA_EXPORT cipher suites but, judging by the code, both NSS and OpenSSL accept it for normal RSA as well. BoringSSL server-side support has been dropped, but client-side support remains.

Gather UMA on whether we actually see this in the wild. If not, shed that code from BoringSSL.
Status: Fixed
Turns out NSS didn't actually support it. It's gone from BoringSSL complete now.

Sign in to add a comment