
Re: Using the same nss in all suites



* Mike Hommey:

> On ABI stability, both NSPR and NSS have a very strict policy. NSPR
> receives very few ABI changes, and it's only adding new functions. NSS
> has many more ABI changes, but also only adding new functions.

This is incorrect, there have been unplanned ABI changes related to
the SSL_ImplementedCiphers variable:

  <http://openwall.com/lists/oss-security/2015/09/07/6>

I will fix the glibc warning to be much more explicit about this.

> The biggest issue with NSS version bumps is that defaults change,
> such as cyphers, protocols, etc. That can have unexpected
> consequences on existing setups.

The typical complaint with NSS is the opposite, that the defaults do
not change fast enough.  Iceweasel/Mozilla PSM overrides basically all
the settings, so what you see there does not reflect upstream NSS
defaults.

(This is a significant concern for Fedora and its downstream because
of the attempted crypto consolidation to NSS and greater NSS usage
there.)

