diff options
| author | wolfbeast <mcwerewolf@gmail.com> | 2017-07-20 14:17:40 +0200 |
|---|---|---|
| committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-02 19:05:37 +0100 |
| commit | acaf15453c3c00b2fa387239ae854736383134db (patch) | |
| tree | 806d78ad2d88daa73edb88763fe06e3e463e768a | |
| parent | 3b70762534d82b9dc0bc59934327e981f032e69f (diff) | |
| download | UXP-acaf15453c3c00b2fa387239ae854736383134db.tar UXP-acaf15453c3c00b2fa387239ae854736383134db.tar.gz UXP-acaf15453c3c00b2fa387239ae854736383134db.tar.lz UXP-acaf15453c3c00b2fa387239ae854736383134db.tar.xz UXP-acaf15453c3c00b2fa387239ae854736383134db.zip | |
Add RSA-AES + SHA256/384 suites for web compatibility.
Sites with these ciphers (commonly IIS) would otherwise fall back to weak 3DES that will be disabled by default.
Issue #4 points 2 and 3
| -rw-r--r-- | netwerk/base/security-prefs.js | 4 | ||||
| -rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 8 |
2 files changed, 12 insertions, 0 deletions
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js index be3c6f33d..9403b3139 100644 --- a/netwerk/base/security-prefs.js +++ b/netwerk/base/security-prefs.js @@ -31,11 +31,15 @@ pref("security.ssl3.dhe_rsa_aes_128_sha", true); pref("security.ssl3.dhe_rsa_camellia_256_sha", true); pref("security.ssl3.dhe_rsa_aes_256_sha", true); pref("security.ssl3.dhe_rsa_camellia_128_sha", true); +pref("security.ssl3.rsa_aes_256_gcm_sha384", true); +pref("security.ssl3.rsa_aes_256_sha256", true); pref("security.ssl3.rsa_camellia_128_sha", true); pref("security.ssl3.rsa_camellia_256_sha", true); pref("security.ssl3.rsa_aes_128_sha", true); pref("security.ssl3.rsa_aes_256_sha", true); pref("security.ssl3.rsa_des_ede3_sha", true); +pref("security.ssl3.rsa_aes_128_gcm_sha256", false); +pref("security.ssl3.rsa_aes_128_sha256", false); pref("security.content.signature.root_hash", "97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E"); diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index b46e69cbc..89b33b7c2 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1361,6 +1361,10 @@ static const CipherPref sCipherPrefs[] = { { "security.tls13.aes_256_gcm_sha384", TLS_AES_256_GCM_SHA384, true }, + { "security.ssl3.rsa_aes_256_gcm_sha384", + TLS_RSA_WITH_AES_256_GCM_SHA384, true }, + { "security.ssl3.rsa_aes_256_sha256", + TLS_RSA_WITH_AES_256_CBC_SHA256, true }, {"security.ssl3.rsa_camellia_128_sha", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, {"security.ssl3.rsa_camellia_256_sha", @@ -1369,6 +1373,10 @@ static const CipherPref sCipherPrefs[] = { TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange) { "security.ssl3.rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange) + { "security.ssl3.rsa_aes_128_gcm_sha256", + TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated + { "security.ssl3.rsa_aes_128_sha256", + TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated { "security.ssl3.rsa_des_ede3_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES) |