rpms / nss

Clone
Source Code
GIT

Blame SOURCES/additional-cipher-suites-enabled-by-default.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   8b133ba36bfb51943239f3c7e70bc66c96071379
  2.   SOURCES
  3.   additional-cipher-suites-enabled-by-default.patch
Blob History Raw
8b133b 
diff -up ./nss/lib/ssl/ssl3con.c.1245627 ./nss/lib/ssl/ssl3con.c
8b133b 
--- ./nss/lib/ssl/ssl3con.c.1245627	2015-08-10 15:42:24.831988193 -0700
8b133b 
+++ ./nss/lib/ssl/ssl3con.c	2015-08-10 17:03:05.674965691 -0700
8b133b 
@@ -90,21 +90,24 @@ static ssl3CipherSuiteCfg cipherSuites[s
8b133b 
    /*      cipher_suite                     policy       enabled   isPresent */
8b133b
8b133b 
 #ifndef NSS_DISABLE_ECC
8b133b 
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
+ /* Switched order of two previous to meet Suite B requirements
8b133b 
+  * but implemented by default yet.
8b133b 
+  */
8b133b 
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
8b133b 
+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
8b133b 
  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
    /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
8b133b 
     * bug 946147.
8b133b 
     */
8b133b 
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
8b133b 
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
8b133b 
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
8b133b 
  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
8b133b 
  { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
@@ -119,7 +122,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
8b133b 
  { TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_TRUE, PR_FALSE},
8b133b 
  { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
8b133b 
  { TLS_DHE_RSA_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
8b133b 
  { TLS_DHE_DSS_WITH_AES_256_CBC_SHA,        SSL_ALLOWED, PR_TRUE,  PR_FALSE},
8b133b 
@@ -143,7 +146,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
8b133b 
 #endif /* NSS_DISABLE_ECC */
8b133b
8b133b 
  /* RSA */
8b133b 
- { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_FALSE,  PR_FALSE},
8b133b 
+ { TLS_RSA_WITH_AES_256_GCM_SHA384,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
8b133b 
  { TLS_RSA_WITH_AES_128_GCM_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
8b133b 
  { TLS_RSA_WITH_AES_128_CBC_SHA,            SSL_ALLOWED, PR_TRUE,  PR_FALSE},
8b133b 
  { TLS_RSA_WITH_AES_128_CBC_SHA256,         SSL_ALLOWED, PR_TRUE,  PR_FALSE},
8b133b 
diff -up ./nss/lib/ssl/sslenum.c.1245627 ./nss/lib/ssl/sslenum.c
8b133b 
--- ./nss/lib/ssl/sslenum.c.1245627	2015-08-10 15:42:24.809988026 -0700
8b133b 
+++ ./nss/lib/ssl/sslenum.c	2015-08-10 15:42:24.846988306 -0700
8b133b 
@@ -48,8 +48,8 @@
8b133b 
  */
8b133b 
 const PRUint16 SSL_ImplementedCiphers[] = {
8b133b 
 #ifndef NSS_DISABLE_ECC
8b133b 
-    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
8b133b 
     TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
8b133b 
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
8b133b 
     TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
8b133b 
     TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
8b133b 
     TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation