summaryrefslogtreecommitdiffstats
path: root/security/manager/ssl/nsNSSComponent.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager/ssl/nsNSSComponent.cpp')
-rw-r--r--security/manager/ssl/nsNSSComponent.cpp31
1 files changed, 25 insertions, 6 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index d53f846ed..1bcdcc1b0 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1344,12 +1344,16 @@ static const CipherPref sCipherPrefs[] = {
{ "security.ssl3.ecdhe_ecdsa_aes_256_sha",
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true },
- { "security.ssl3.dhe_rsa_aes_128_sha",
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true },
-
+ { "security.ssl3.dhe_rsa_camellia_256_sha",
+ TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, true},
{ "security.ssl3.dhe_rsa_aes_256_sha",
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true },
+ { "security.ssl3.dhe_rsa_camellia_128_sha",
+ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, true },
+ { "security.ssl3.dhe_rsa_aes_128_sha",
+ TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true },
+
{ "security.tls13.aes_128_gcm_sha256",
TLS_AES_128_GCM_SHA256, true },
{ "security.tls13.chacha20_poly1305_sha256",
@@ -1357,12 +1361,27 @@ static const CipherPref sCipherPrefs[] = {
{ "security.tls13.aes_256_gcm_sha384",
TLS_AES_256_GCM_SHA384, true },
+ // Deprecated (RSA key exchange):
+ { "security.ssl3.rsa_aes_256_gcm_sha384",
+ TLS_RSA_WITH_AES_256_GCM_SHA384, true },
+ { "security.ssl3.rsa_aes_256_sha256",
+ TLS_RSA_WITH_AES_256_CBC_SHA256, true },
+ {"security.ssl3.rsa_camellia_128_sha",
+ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, true },
+ {"security.ssl3.rsa_camellia_256_sha",
+ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, true },
{ "security.ssl3.rsa_aes_128_sha",
- TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange)
+ TLS_RSA_WITH_AES_128_CBC_SHA, true },
{ "security.ssl3.rsa_aes_256_sha",
- TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange)
+ TLS_RSA_WITH_AES_256_CBC_SHA, true },
+
+// Expensive/deprecated/weak
+ { "security.ssl3.rsa_aes_128_gcm_sha256",
+ TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated
+ { "security.ssl3.rsa_aes_128_sha256",
+ TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated
{ "security.ssl3.rsa_des_ede3_sha",
- TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES)
+ TLS_RSA_WITH_3DES_EDE_CBC_SHA, false }, // Weak (3DES)
// All the rest are disabled