[Pidgin] #15909: [Patch] Support TLS 1.1/1.2 on NSS

Pidgin trac at pidgin.im
Tue Feb 4 14:11:56 EST 2014

#15909: [Patch] Support TLS 1.1/1.2 on NSS
 Reporter:  elrond       |       Owner:
     Type:  patch        |      Status:  new
Milestone:               |   Component:  libpurple
  Version:  2.10.8       |  Resolution:
 Keywords:  ssl tls nss  |

Comment (by elrond):

 These functions are documented in {{{/usr/include/nss/ssl.h}}}. For ease
 of use, I am quoting them here from version 3.14.5:
 {{{
 /* Returns, in |*vrange|, the range of SSL3/TLS versions supported for the
 ** given protocol variant by the version of libssl linked-to at runtime.
 */
 SSL_IMPORT SECStatus SSL_VersionRangeGetSupported(
     SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);

 /* Returns, in |*vrange|, the range of SSL3/TLS versions enabled by default
 ** for the given protocol variant.
 */
 SSL_IMPORT SECStatus SSL_VersionRangeGetDefault(
     SSLProtocolVariant protocolVariant, SSLVersionRange *vrange);

 /* Sets the range of enabled-by-default SSL3/TLS versions for the given
 ** protocol variant to |*vrange|.
 */
 SSL_IMPORT SECStatus SSL_VersionRangeSetDefault(
     SSLProtocolVariant protocolVariant, const SSLVersionRange *vrange);
 }}}

 And probably also of interest, from {{{sslt.h}}}:
 {{{
 typedef enum {
     ssl_variant_stream = 0,
     ssl_variant_datagram = 1
 } SSLProtocolVariant;

 typedef struct SSLVersionRangeStr {
     PRUint16 min;
     PRUint16 max;
 } SSLVersionRange;
 }}}

 Logging {{{.min}}} and {{{.max}}} should be pretty easy. About the failure
 logging, that's not so easy, as {{{SECStatus}}} is an enum with three
 values: {{{SECWouldBlock, SECFailure, SECSuccess}}}. So only an "it failed"
 log entry is possible.

 As you know way more about the logging, could you please add that part?
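
The logging discussed in the comment above, sketched as an added example that is not part of the ticket or of Pidgin's patch. The `Ex*`/`ex_*` names are hypothetical stand-ins for `SSLVersionRange` and `SECStatus` so the block builds without NSS, and the widening policy is an assumption:

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Assumed stand-ins so this builds without NSS; real code would include
 * <nss/ssl.h> and use SSLVersionRange and SECStatus directly. */
typedef struct { uint16_t min, max; } ExRange;
typedef enum { EX_WOULD_BLOCK = -2, EX_FAILURE = -1, EX_SUCCESS = 0 } ExStatus;

/* Readable name for an SSL/TLS protocol version number. */
const char *ex_version_name(uint16_t v) {
    switch (v) {
    case 0x0300: return "SSL 3.0";
    case 0x0301: return "TLS 1.0";
    case 0x0302: return "TLS 1.1";
    case 0x0303: return "TLS 1.2";
    default:     return "unknown";
    }
}

/* Assumed policy: keep the default minimum (clamped into the supported
 * range) and raise the maximum to the newest version the library supports. */
ExStatus ex_widen(const ExRange *supported, const ExRange *dflt, ExRange *out) {
    if (!supported || !dflt || !out || supported->min > supported->max)
        return EX_FAILURE;
    out->min = dflt->min < supported->min ? supported->min : dflt->min;
    out->max = supported->max;
    return out->min <= out->max ? EX_SUCCESS : EX_FAILURE;
}

/* One log line per call: the range on success, a bare "failed" otherwise,
 * since the status value carries no further detail. */
int ex_format(char *buf, size_t len, const char *what, ExStatus st, const ExRange *r) {
    if (st != EX_SUCCESS || !r)
        return snprintf(buf, len, "%s: failed", what);
    return snprintf(buf, len, "%s: min=%s (0x%04x) max=%s (0x%04x)", what,
                    ex_version_name(r->min), (unsigned)r->min,
                    ex_version_name(r->max), (unsigned)r->max);
}

int main(void) {
    /* Constructed sample values, not output from a real NSS build. */
    ExRange supported = {0x0300, 0x0303}, dflt = {0x0300, 0x0301}, enabled;
    char line[128];
    ExStatus st = ex_widen(&supported, &dflt, &enabled);
    ex_format(line, sizeof line, "enabled", st, &enabled);
    puts(line);
    return st == EX_SUCCESS ? 0 : 1;
}
```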

