|
|
5f1c2b |
diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
|
|
|
5f1c2b |
--- nss/lib/ssl/ssl3con.c.disable-cipher-suites 2017-02-20 16:29:09.760163465 +0100
|
|
|
5f1c2b |
+++ nss/lib/ssl/ssl3con.c 2017-02-20 16:30:32.948137315 +0100
|
|
|
5f1c2b |
@@ -96,7 +96,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
5f1c2b |
{ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
5f1c2b |
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
5f1c2b |
+ /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is disabled by default.
|
|
|
5f1c2b |
+ * The GCM variant is preferred for new applications.
|
|
|
5f1c2b |
+ */
|
|
|
5f1c2b |
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
@@ -104,7 +107,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
|
|
|
5f1c2b |
{ TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
5f1c2b |
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
|
|
5f1c2b |
+ /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is disabled by default.
|
|
|
5f1c2b |
+ * The GCM variant is preferred for new applications.
|
|
|
5f1c2b |
+ */
|
|
|
5f1c2b |
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
|
|
5f1c2b |
{ TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|