rpms / nss

Clone
Source Code
GIT

Blame SOURCES/nss-disable-cipher-suites.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8-sig-altarch-armhfp c8s c9 c9-beta
  1.   5f1c2b16bb08b04beb8182ad49f26574c4f500e7
  2.   SOURCES
  3.   nss-disable-cipher-suites.patch
Blob History Raw
5f1c2b 
diff -up nss/lib/ssl/ssl3con.c.disable-cipher-suites nss/lib/ssl/ssl3con.c
5f1c2b 
--- nss/lib/ssl/ssl3con.c.disable-cipher-suites	2017-02-20 16:29:09.760163465 +0100
5f1c2b 
+++ nss/lib/ssl/ssl3con.c	2017-02-20 16:30:32.948137315 +0100
5f1c2b 
@@ -96,7 +96,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
5f1c2b 
  { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,    SSL_ALLOWED, PR_TRUE, PR_FALSE},
5f1c2b 
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
5f1c2b 
+ /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 is disabled by default.
5f1c2b 
+  * The GCM variant is preferred for new applications.
5f1c2b 
+  */
5f1c2b 
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,        SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
@@ -104,7 +107,10 @@ static ssl3CipherSuiteCfg cipherSuites[s
5f1c2b 
  { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,      SSL_ALLOWED, PR_TRUE, PR_FALSE},
5f1c2b 
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_TRUE, PR_FALSE},
5f1c2b 
+ /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is disabled by default.
5f1c2b 
+  * The GCM variant is preferred for new applications.
5f1c2b 
+  */
5f1c2b 
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,   SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,     SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_ECDHE_RSA_WITH_RC4_128_SHA,          SSL_ALLOWED, PR_FALSE, PR_FALSE},
5f1c2b 
  { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,     SSL_ALLOWED, PR_FALSE, PR_FALSE},

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation