diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-09-29 10:09:13 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-09-29 10:09:13 +0200 |
commit | 347aea437facd5324b3d8d27c587d8054e9b8b9a (patch) | |
tree | 7e81656789bfa06495ad8ffb1b42fdc27832ba47 /security/manager/ssl/nsNSSCallbacks.cpp | |
parent | 77af3f17663fd8fada8e0d368d92bef845fcf48e (diff) | |
download | UXP-347aea437facd5324b3d8d27c587d8054e9b8b9a.tar UXP-347aea437facd5324b3d8d27c587d8054e9b8b9a.tar.gz UXP-347aea437facd5324b3d8d27c587d8054e9b8b9a.tar.lz UXP-347aea437facd5324b3d8d27c587d8054e9b8b9a.tar.xz UXP-347aea437facd5324b3d8d27c587d8054e9b8b9a.zip |
Get rid of the incorrect mechanism to remove insecure fallback hosts.
This fixes #797.
Diffstat (limited to 'security/manager/ssl/nsNSSCallbacks.cpp')
-rw-r--r-- | security/manager/ssl/nsNSSCallbacks.cpp | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp index 6bac59f51..daabca591 100644 --- a/security/manager/ssl/nsNSSCallbacks.cpp +++ b/security/manager/ssl/nsNSSCallbacks.cpp @@ -1277,7 +1277,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { infoObject->GetPort(), versions.max); - bool usesFallbackCipher = false; SSLChannelInfo channelInfo; rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)); MOZ_ASSERT(rv == SECSuccess); @@ -1296,8 +1295,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { sizeof cipherInfo); MOZ_ASSERT(rv == SECSuccess); if (rv == SECSuccess) { - usesFallbackCipher = channelInfo.keaType == ssl_kea_dh; - MOZ_ASSERT(infoObject->GetKEAUsed() == channelInfo.keaType); if (infoObject->IsFullHandshake()) { @@ -1372,15 +1369,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) { } else { state = nsIWebProgressListener::STATE_IS_SECURE | nsIWebProgressListener::STATE_SECURE_HIGH; - if (!usesFallbackCipher) { - SSLVersionRange defVersion; - rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion); - if (rv == SECSuccess && versions.max >= defVersion.max) { - // we know this site no longer requires a fallback cipher - ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(), - infoObject->GetPort()); - } - } } if (status->HasServerCert()) { |