From: Robert Simmons
To: freebsd-security@freebsd.org
Date: Thu, 3 May 2012 11:21:24 -0400
Subject: Re: OpenSSL and Heimdal

On Thu, May 3, 2012 at 9:40 AM, Mark Felder wrote:
> On Wed, 02 May 2012 17:45:27 -0500, Matt Dawson wrote:
>
>> IE might be the only client with support for those protocols right now
>> but somebody has to lead the way on the server side or you end up with
>> a mutual apathy loop (AKA positive can't be arsed feedback loop).
>
> Actually Opera is the only browser on the market that supports TLS 1.2,
> unless Firefox or Chrome added support within the last 6 months. I doubt it
> though because FF and Chrome tend to use already existing open source
> infrastructure and Opera forged ahead and wrote their own TLS 1.2 code.

TLS 1.1 and 1.2 support are at different stages as far as Firefox is
concerned. Actually, the implementation is in the nss library
specifically. Once this is finished, unless I'm way off the mark, both
Chrome/Chromium and Firefox will both support whatever the nss library
supports.

There are two bugs open, and it looks like 1.1 is making recent
progress, and 1.2 is basically flooded with the usual "Hey, when is
this happening" comments rather than patches:

TLS 1.1:
https://bugzilla.mozilla.org/show_bug.cgi?id=565047

TLS 1.2:
https://bugzilla.mozilla.org/show_bug.cgi?id=480514