Disabling all uses of elliptical curves

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Disabling all uses of elliptical curves

jonetsu
Hello,

Is there a run-time option to disable all and every uses of elliptical curves ?

If not, is there a compile option ?

Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: Disabling all uses of elliptical curves

Franziskus Kiefer
there's no runtime option but you can disable it at compile time with
NSS_DISABLE_ECC, see [1]

[1]
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables

On Fri, Apr 29, 2016 at 3:44 PM, jonetsu <[hidden email]> wrote:

> Hello,
>
> Is there a run-time option to disable all and every uses of elliptical
> curves ?
>
> If not, is there a compile option ?
>
> Thanks.
>
>
>
>
> --
> View this message in context:
> http://mozilla.6506.n7.nabble.com/Disabling-all-uses-of-elliptical-curves-tp354147.html
> Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Disabling all uses of elliptical curves

Martin Thomson
At the TLS layer, you can disable all suites that require ECC.

On Sat, Apr 30, 2016 at 4:40 AM, Franziskus Kiefer <[hidden email]> wrote:

> there's no runtime option but you can disable it at compile time with
> NSS_DISABLE_ECC, see [1]
>
> [1]
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Reference/NSS_environment_variables
>
> On Fri, Apr 29, 2016 at 3:44 PM, jonetsu <[hidden email]> wrote:
>
>> Hello,
>>
>> Is there a run-time option to disable all and every uses of elliptical
>> curves ?
>>
>> If not, is there a compile option ?
>>
>> Thanks.
>>
>>
>>
>>
>> --
>> View this message in context:
>> http://mozilla.6506.n7.nabble.com/Disabling-all-uses-of-elliptical-curves-tp354147.html
>> Sent from the Mozilla - Cryptography mailing list archive at Nabble.com.
>> --
>> dev-tech-crypto mailing list
>> [hidden email]
>> https://lists.mozilla.org/listinfo/dev-tech-crypto
>>
> --
> dev-tech-crypto mailing list
> [hidden email]
> https://lists.mozilla.org/listinfo/dev-tech-crypto
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Disabling all uses of elliptical curves

Hubert Kario
On Saturday 30 April 2016 09:05:27 Martin Thomson wrote:
> At the TLS layer, you can disable all suites that require ECC.

I haven't tested it, but I don't think that will stop NSS trusting RSA
certificates signed by ECC CAs.
 
> On Sat, Apr 30, 2016 at 4:40 AM, Franziskus Kiefer
<[hidden email]> wrote:
> > there's no runtime option but you can disable it at compile time
> > with
> > NSS_DISABLE_ECC, see [1]
> >
> > [1]
> > https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Refere
> > nce/NSS_environment_variables>
> > On Fri, Apr 29, 2016 at 3:44 PM, jonetsu <[hidden email]>
wrote:

> >> Hello,
> >>
> >> Is there a run-time option to disable all and every uses of
> >> elliptical curves ?
> >>
> >> If not, is there a compile option ?
> >>
> >> Thanks.
> >>
> >>
> >>
> >>
> >> --
> >> View this message in context:
> >> http://mozilla.6506.n7.nabble.com/Disabling-all-uses-of-elliptical-> >> curves-tp354147.html Sent from the Mozilla - Cryptography mailing
> >> list archive at Nabble.com. --
> >> dev-tech-crypto mailing list
> >> [hidden email]
> >> https://lists.mozilla.org/listinfo/dev-tech-crypto
> >
> > --
> > dev-tech-crypto mailing list
> > [hidden email]
> > https://lists.mozilla.org/listinfo/dev-tech-crypto
--
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purky┼łova 99/71, 612 45, Brno, Czech Republic
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

signature.asc (836 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Disabling all uses of elliptical curves

Martin Thomson
On Wed, May 11, 2016 at 11:08 PM, Hubert Kario <[hidden email]> wrote:
> I haven't tested it, but I don't think that will stop NSS trusting RSA
> certificates signed by ECC CAs.

There are plenty of things that NSS will still do with ECC if you
disable ECC cipher suites.  That's for sure.  If you are scared of
ECC, then compile it out with NSS_DISABLE_ECC.
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto