cURL / Mailing Lists / curl-library / Single Mail


Re: [PATCH 1/3] nss: do not enable AES cipher-suites by default

From: Kamil Dudka <>
Date: Wed, 12 Mar 2014 12:12:09 +0100

On Wednesday 12 March 2014 04:52:09 Fabian Frank wrote:
> On Mon, Mar 10, 2014 at 5:44 AM, Kamil Dudka <> wrote:
> > ... but allow them to be enabled/disabled explicitly. The default
> > policy should be maintained at the NSS level.
> Would you mind sharing your reasoning for why you want to enable/disable
> certain suites?

The patch actually does not change the default behavior with up2date version
of NSS. I just wanted to make sure that we will not override the NSS default
if it changes later on.

It does not make any sense to maintain the default policy at libcurl level.
From now own, if we wanted to change the list of cipher-suites enabled by
default, we would patch NSS itself, because libcurl's use of NSS does not
really differ from what other NSS clients do.

> Have you tested the resulting settings against

I have tested it now. The patch did not make any difference.


List admin:
Received on 2014-03-12