summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2017-07-20 14:17:40 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-02-02 19:05:37 +0100
commitacaf15453c3c00b2fa387239ae854736383134db (patch)
tree806d78ad2d88daa73edb88763fe06e3e463e768a /security
parent3b70762534d82b9dc0bc59934327e981f032e69f (diff)
downloadUXP-acaf15453c3c00b2fa387239ae854736383134db.tar
UXP-acaf15453c3c00b2fa387239ae854736383134db.tar.gz
UXP-acaf15453c3c00b2fa387239ae854736383134db.tar.lz
UXP-acaf15453c3c00b2fa387239ae854736383134db.tar.xz
UXP-acaf15453c3c00b2fa387239ae854736383134db.zip
Add RSA-AES + SHA256/384 suites for web compatibility.
Sites with these ciphers (commonly IIS) would otherwise fall back to weak 3DES that will be disabled by default. Issue #4 points 2 and 3
Diffstat (limited to 'security')
-rw-r--r--security/manager/ssl/nsNSSComponent.cpp8
1 files changed, 8 insertions, 0 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index b46e69cbc..89b33b7c2 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1361,6 +1361,10 @@ static const CipherPref sCipherPrefs[] = {
{ "security.tls13.aes_256_gcm_sha384",
TLS_AES_256_GCM_SHA384, true },
+ { "security.ssl3.rsa_aes_256_gcm_sha384",
+ TLS_RSA_WITH_AES_256_GCM_SHA384, true },
+ { "security.ssl3.rsa_aes_256_sha256",
+ TLS_RSA_WITH_AES_256_CBC_SHA256, true },
{"security.ssl3.rsa_camellia_128_sha",
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, true },
{"security.ssl3.rsa_camellia_256_sha",
@@ -1369,6 +1373,10 @@ static const CipherPref sCipherPrefs[] = {
TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange)
{ "security.ssl3.rsa_aes_256_sha",
TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange)
+ { "security.ssl3.rsa_aes_128_gcm_sha256",
+ TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated
+ { "security.ssl3.rsa_aes_128_sha256",
+ TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated
{ "security.ssl3.rsa_des_ede3_sha",
TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES)