Details

    • Type: Bug
    • Status: Resolved
    • Priority: P2
    • Resolution: Fixed
    • Affects Version/s: 6
    • Fix Version/s: 6
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b85
    • CPU:
      generic, x86
    • OS:
      generic, windows_2003

      Description

      A few updates/fixes to the ECC support added by 6405536 are needed:

       . add support for SHA256withECDSA (and 384/512) in addition to SHA1withECDSA

       . change the default key size/curve in keytool, EC KeyPairGenerator, and the SunJSSE ECDHE key exchange from NIST-P192 to NIST-P256. That is equivalent to 3072 bit RSA keys, so rather out of whack with our 1024 bit default for RSA, but NSA Suite B mandates P256 and it it also more widely implemented than P192.

       . the P11KeyStore does not really understand EC keys, so it is not possible to store them into a PKCS#11 token. This needs to be fixed, maybe along with some special code for some preexisting NSS specific problems.
      Also:

       . the "Supported Elliptic Curves Extension" is encoded incorrectly. This causes problems if a JSSE client is talking to an ECC server that parses this extension. By accident, JSSE in server mode is ok.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                andreas Andreas Sterbenz
                Reporter:
                andreas Andreas Sterbenz
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: