|
|
8b133b |
diff -up ./nss/lib/ssl/ssl3con.c.1245627 ./nss/lib/ssl/ssl3con.c
|
|
|
8b133b |
--- ./nss/lib/ssl/ssl3con.c.1245627 2015-08-10 15:42:24.831988193 -0700
|
|
|
8b133b |
+++ ./nss/lib/ssl/ssl3con.c 2015-08-10 17:03:05.674965691 -0700
|
|
|
8b133b |
@@ -90,21 +90,24 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
8b133b |
/* cipher_suite policy enabled isPresent */
|
|
|
8b133b |
|
|
|
8b133b |
#ifndef NSS_DISABLE_ECC
|
|
|
8b133b |
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
- { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
+ /* Switched order of two previous to meet Suite B requirements
|
|
|
8b133b |
+ * but implemented by default yet.
|
|
|
8b133b |
+ */
|
|
|
8b133b |
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
|
|
8b133b |
* bug 946147.
|
|
|
8b133b |
*/
|
|
|
8b133b |
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
@@ -119,7 +122,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
8b133b |
{ TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
{ TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
@@ -143,7 +146,7 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
8b133b |
#endif /* NSS_DISABLE_ECC */
|
|
|
8b133b |
|
|
|
8b133b |
/* RSA */
|
|
|
8b133b |
- { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
8b133b |
+ { TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
8b133b |
diff -up ./nss/lib/ssl/sslenum.c.1245627 ./nss/lib/ssl/sslenum.c
|
|
|
8b133b |
--- ./nss/lib/ssl/sslenum.c.1245627 2015-08-10 15:42:24.809988026 -0700
|
|
|
8b133b |
+++ ./nss/lib/ssl/sslenum.c 2015-08-10 15:42:24.846988306 -0700
|
|
|
8b133b |
@@ -48,8 +48,8 @@
|
|
|
8b133b |
*/
|
|
|
8b133b |
const PRUint16 SSL_ImplementedCiphers[] = {
|
|
|
8b133b |
#ifndef NSS_DISABLE_ECC
|
|
|
8b133b |
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
8b133b |
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
|
|
8b133b |
+ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
|
|
8b133b |
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
|
|
8b133b |
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
|
|
8b133b |
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
|