diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2018-02-02 20:44:40 +0100 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-02 20:44:40 +0100 |
| commit | 4bf1a2a1cb61a165c0540208098070222eafdfff (patch) | |
| tree | 41e81fdf433c32c263cb2fad07f87812e30c747a /security/manager | |
| parent | c0c702a5e3284e843e680064b4c6a7280242c567 (diff) | |
| parent | b80de6fe930792c94c9e64dd3867ffb1d663f16f (diff) | |
| download | UXP-4bf1a2a1cb61a165c0540208098070222eafdfff.tar UXP-4bf1a2a1cb61a165c0540208098070222eafdfff.tar.gz UXP-4bf1a2a1cb61a165c0540208098070222eafdfff.tar.lz UXP-4bf1a2a1cb61a165c0540208098070222eafdfff.tar.xz UXP-4bf1a2a1cb61a165c0540208098070222eafdfff.zip | |
Merge branch 'ported-moebius'
Diffstat (limited to 'security/manager')
| -rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 31 |
1 files changed, 25 insertions, 6 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index d53f846ed..1bcdcc1b0 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1344,12 +1344,16 @@ static const CipherPref sCipherPrefs[] = { { "security.ssl3.ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true }, - { "security.ssl3.dhe_rsa_aes_128_sha", - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true }, - + { "security.ssl3.dhe_rsa_camellia_256_sha", + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, true}, { "security.ssl3.dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true }, + { "security.ssl3.dhe_rsa_camellia_128_sha", + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, + { "security.ssl3.dhe_rsa_aes_128_sha", + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true }, + { "security.tls13.aes_128_gcm_sha256", TLS_AES_128_GCM_SHA256, true }, { "security.tls13.chacha20_poly1305_sha256", @@ -1357,12 +1361,27 @@ static const CipherPref sCipherPrefs[] = { { "security.tls13.aes_256_gcm_sha384", TLS_AES_256_GCM_SHA384, true }, + // Deprecated (RSA key exchange): + { "security.ssl3.rsa_aes_256_gcm_sha384", + TLS_RSA_WITH_AES_256_GCM_SHA384, true }, + { "security.ssl3.rsa_aes_256_sha256", + TLS_RSA_WITH_AES_256_CBC_SHA256, true }, + {"security.ssl3.rsa_camellia_128_sha", + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, + {"security.ssl3.rsa_camellia_256_sha", + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, true }, { "security.ssl3.rsa_aes_128_sha", - TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange) + TLS_RSA_WITH_AES_128_CBC_SHA, true }, { "security.ssl3.rsa_aes_256_sha", - TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange) + TLS_RSA_WITH_AES_256_CBC_SHA, true }, + +// Expensive/deprecated/weak + { "security.ssl3.rsa_aes_128_gcm_sha256", + TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated + { "security.ssl3.rsa_aes_128_sha256", + TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated { "security.ssl3.rsa_des_ede3_sha", - TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES) + TLS_RSA_WITH_3DES_EDE_CBC_SHA, false }, // Weak (3DES) // All the rest are disabled |