diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-08-17 06:39:04 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-08-17 06:39:04 +0200 |
commit | 26debee73392b4d138663204b343c8ca805e6b3f (patch) | |
tree | d1f48ecf7622be17adab45585f36dd20925b1e69 | |
parent | df852120098dc7ba5df4a76126c6297c6d2d1b7b (diff) | |
download | UXP-26debee73392b4d138663204b343c8ca805e6b3f.tar UXP-26debee73392b4d138663204b343c8ca805e6b3f.tar.gz UXP-26debee73392b4d138663204b343c8ca805e6b3f.tar.lz UXP-26debee73392b4d138663204b343c8ca805e6b3f.tar.xz UXP-26debee73392b4d138663204b343c8ca805e6b3f.zip |
Reinstate RC4 and mark 3DES weak.
Tag #709
-rw-r--r-- | netwerk/base/security-prefs.js | 2 | ||||
-rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 8 |
2 files changed, 9 insertions, 1 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index cfbbf4a45..7d63267a6 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -42,6 +42,8 @@ pref("security.ssl3.dhe_rsa_aes_128_sha", false); pref("security.ssl3.rsa_aes_128_gcm_sha256", false); pref("security.ssl3.rsa_aes_128_sha256", false); pref("security.ssl3.rsa_des_ede3_sha", false); +pref("security.ssl3.rsa_rc4_128_sha", false); +pref("security.ssl3.rsa_rc4_128_md5", false); pref("security.content.signature.root_hash", "97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E"); diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index acaf9da90..69b36d85f 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1376,12 +1376,18 @@ static const CipherPref sCipherPrefs[] = { TLS_RSA_WITH_AES_256_CBC_SHA, true }, // Expensive/deprecated/weak +// Deprecated { "security.ssl3.rsa_aes_128_gcm_sha256", TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated { "security.ssl3.rsa_aes_128_sha256", TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated +// Weak/vulnerable { "security.ssl3.rsa_des_ede3_sha", - TLS_RSA_WITH_3DES_EDE_CBC_SHA, false }, // Weak (3DES) + TLS_RSA_WITH_3DES_EDE_CBC_SHA, false, true }, // Weak (3DES) + { "security.ssl3.rsa_rc4_128_sha", + TLS_RSA_WITH_RC4_128_SHA, false, true }, // RC4 + { "security.ssl3.rsa_rc4_128_md5", + TLS_RSA_WITH_RC4_128_MD5, false, true }, // RC4, HMAC-MD5 // All the rest are disabled |