I am changing nsISSLStatus right now in Bug 886752 [1
] and adding the SSL/TLS protocol version as a property on nsISSLStatus.
Because this information is cached, changing the interface invalidates the
cache for encrypted pages, which shouldn't be done too often.
I am adding the NSS cipher-suite to the information that is cached, which
allows us to easily access all the information that is saved in
SSLCipherSuiteInfo . Right now SSLStatus has three getters, which map to
the following fields in that struct:
> All of those seem badly named. We should probably add new and more
> descriptive getters. What else should be exposed?
“Should” or “should not" depends on what needs to be consumed, and where.
What’s your reasoning for adding the extra information?
> SSLChannelInfo has the two fields authKeyBits and keaKeyBits, are those
I’d say so, but it depends on context. For example, we might need to check that key exchange meets some minimum strength level before we proceed with a false start (for example).
dev-security mailing list
[hidden email] https://lists.mozilla.org/listinfo/dev-security