diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 31 | ||||
| -rwxr-xr-x | security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py | 2 |
2 files changed, 26 insertions, 7 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index d53f846ed..1bcdcc1b0 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1344,12 +1344,16 @@ static const CipherPref sCipherPrefs[] = { { "security.ssl3.ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true }, - { "security.ssl3.dhe_rsa_aes_128_sha", - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true }, - + { "security.ssl3.dhe_rsa_camellia_256_sha", + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, true}, { "security.ssl3.dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true }, + { "security.ssl3.dhe_rsa_camellia_128_sha", + TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, + { "security.ssl3.dhe_rsa_aes_128_sha", + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true }, + { "security.tls13.aes_128_gcm_sha256", TLS_AES_128_GCM_SHA256, true }, { "security.tls13.chacha20_poly1305_sha256", @@ -1357,12 +1361,27 @@ static const CipherPref sCipherPrefs[] = { { "security.tls13.aes_256_gcm_sha384", TLS_AES_256_GCM_SHA384, true }, + // Deprecated (RSA key exchange): + { "security.ssl3.rsa_aes_256_gcm_sha384", + TLS_RSA_WITH_AES_256_GCM_SHA384, true }, + { "security.ssl3.rsa_aes_256_sha256", + TLS_RSA_WITH_AES_256_CBC_SHA256, true }, + {"security.ssl3.rsa_camellia_128_sha", + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, + {"security.ssl3.rsa_camellia_256_sha", + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, true }, { "security.ssl3.rsa_aes_128_sha", - TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange) + TLS_RSA_WITH_AES_128_CBC_SHA, true }, { "security.ssl3.rsa_aes_256_sha", - TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange) + TLS_RSA_WITH_AES_256_CBC_SHA, true }, + +// Expensive/deprecated/weak + { "security.ssl3.rsa_aes_128_gcm_sha256", + TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated + { "security.ssl3.rsa_aes_128_sha256", + TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated { "security.ssl3.rsa_des_ede3_sha", - TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES) + TLS_RSA_WITH_3DES_EDE_CBC_SHA, false }, // Weak (3DES) // All the rest are disabled diff --git a/security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py b/security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py index f605d4ee2..467ab1d08 100755 --- a/security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py +++ b/security/nss/gtests/google_test/gtest/test/gtest_xml_output_unittest.py @@ -192,7 +192,7 @@ class GTestXMLOutputUnitTest(gtest_xml_test_utils.GTestXMLTestCase): day=int(match.group(3)), hour=int(match.group(4)), minute=int(match.group(5)), second=int(match.group(6))) - time_delta = abs(datetime.datetime.now() - date_time_from_xml) + time_delta = abs(datetime.datetime.utcnow() - date_time_from_xml) # timestamp value should be near the current local time self.assertTrue(time_delta < datetime.timedelta(seconds=600), 'time_delta is %s' % time_delta) |