From:  f masood <>
Date:  29 Nov 2017 02:37:20 Hong Kong Time

Re: adding a new custom ciphersuite to NSS (to be used by Thunderbird for TLS establishment)


*** Update # 4*** 

1. So, I am kind of successful. 

2. What I did was looked at the PATCH (ChaCha20+Poly1305) shared with me by Mr. Franziskus Kiefer (very kind of him) and started doing the changes. I made a "ecdhe_ecdsa_myseed_cbc_sha" ciphersuite, which is basically SEED cipher but did all the changes in all the required *.C, *.H and other files. 

3. There were few times when I got the error that compilation failed because something was defined / declared. Again looked at the files where SEED was declared and used similar convention for declaring MYSEED ... 

4. Eventually, all the errors were gone and Thunderbird got compiled and a binary(.exe) was generated. 

5. Now, I have opened the "CONFIG EDITOR" of thunderbird and when I search for ssl, all the TLS ciphers like aes_128_gcm, aes_256_gcm, chacha20 etc. show up but my "ecdhe_ecdsa_ns_cbc_sha" does not shows up. If I manually edit and add the "pref("security.ssl3.ecdhe_ecdsa_myseed_cbc_sha", true);" in "grepprefs.js" it shows up. I think I should add it to /netwerk/base/grepprefs.js file.

6. But my question is that my "TLS_ECDHE_ECDSA_WITH_MYSEED_CBC_SHA" doesnt shows up in wireshark when CLIENT HELLO is send, I know that for successful communication my server also needs to have this cipher but why is Thunderbird Client not sending the cipher in CLIENT HELLO PACKET. 15 ciphers are send to servers and they are those aes 128, aes 256, chacha etc. ciphers but mycipher is not present. Can anyone help me ?

ps: i'll be creating and sharing a patch which will help this open community :) 

On Monday, November 27, 2017 at 4:41:30 PM UTC+5, f masood wrote:
> Update:
> 1. i have done the changes as done by the patch however, I get the following error:
> i.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (178) : too many initializers 
> ii.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (179) : too many initializers 
> iii.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (5609) : too many initializers 
> iv.   /mozilla/security/nss/lib/ssl/ssl3con.c (179) :error C2078 (5591) : too many initializers 
> can anyone help me out ?  i am stuck pretty bad !