Open Bug 1555404 Opened 6 years ago Updated 2 years ago

[meta] Support dynamic TLS cipher suites

Categories

(Core :: Security: PSM, task, P3)

Product:
Core
Component:
Security: PSM
Version:
68 Branch
Type:
task

Tracking

()

People

(Reporter: jcj, Unassigned)

References

(Depends on 2 open bugs)

Details

(Keywords: meta, Whiteboard: [geckoview][psm-tracking])

There are a variety of cases where we need to make runtime determinations of cipher-suite preference:

  1. On some platforms, only at runtime can we know what optimizations are available.
  2. Some users prefer certain ciphersuites over others, but don't want to break the web by outright disabling suites
  3. Enterprise policies may want to affect what suites are used
    .. and others.

This meta bug collects work to support this in NSS and Gecko. NSS must provide a mechanism to interact with ciphersuite preferences. We also want to read from preferences and enterprise policies. Also, the defaults should be computed based on expected performance.

Depends on: 1555407
Whiteboard: [qf:meta][geckoview]
Depends on: 1583610
Depends on: 1585190
Priority: -- → P3
Whiteboard: [qf:meta][geckoview] → [qf:meta][geckoview][psm-tracking]
Performance Impact: --- → ?
Whiteboard: [qf:meta][geckoview][psm-tracking] → [geckoview][psm-tracking]
Performance Impact: ? → ---
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.