mirror of
https://github.com/rn10950/RetroZilla.git
synced 2024-06-03 06:10:13 +02:00
Merge a9263a8c47
into 88871bc547
This commit is contained in:
commit
148af5bf64
|
@ -53,9 +53,17 @@ pref("security.ssl3.dhe_dss_des_sha", false);
|
|||
pref("security.ssl3.rsa_null_sha", false);
|
||||
pref("security.ssl3.rsa_null_md5", false);
|
||||
|
||||
pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
|
||||
|
||||
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
|
||||
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
|
||||
|
||||
pref("security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384", true);
|
||||
pref("security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", true);
|
||||
|
||||
pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
|
||||
pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
|
||||
|
||||
pref("security.default_personal_cert", "Ask Every Time");
|
||||
pref("security.remember_cert_checkbox_default_setting", true);
|
||||
pref("security.ask_for_password", 0);
|
||||
|
|
|
@ -950,8 +950,13 @@ static CipherPref CipherPrefs[] = {
|
|||
{"security.ssl3.rsa_null_sha", SSL_RSA_WITH_NULL_SHA}, // No encryption with RSA authentication and a SHA1 MAC
|
||||
{"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5}, // No encryption with RSA authentication and an MD5 MAC
|
||||
{"security.ssl3.rsa_seed_sha", TLS_RSA_WITH_SEED_CBC_SHA}, // SEED encryption with RSA and a SHA1 MAC
|
||||
{"security.ssl3.rsa_aes_256_gcm_sha384", TLS_RSA_WITH_AES_256_GCM_SHA384}, // 256-bit AES-GCM encryption with RSA
|
||||
{"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, // 128-bit AES-GCM encryption with ECDHE-ECDSA
|
||||
{"security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, // 128-bit AES-GCM encryption with ECDHE-RSA
|
||||
{"security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384", TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384}, // 256-bit AES-GCM encryption with ECDHE-ECDSA
|
||||
{"security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384}, // 256-bit AES-GCM encryption with ECDHE-RSA
|
||||
{"security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256}, // 256-bit ChaCha20-Poly1305 encryption with ECDHE-ECDSA
|
||||
{"security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256}, // 256-bit ChaCha20-Poly1305 encryption with ECDHE-RSA
|
||||
{NULL, 0} /* end marker */
|
||||
};
|
||||
|
||||
|
|
|
@ -106,13 +106,14 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
/* cipher_suite policy enabled isPresent */
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
||||
* bug 946147.
|
||||
*/
|
||||
|
@ -163,6 +164,7 @@ static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
|||
{ TLS_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_AES_256_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
|
@ -436,10 +438,12 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] =
|
|||
|
||||
{TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_dhe_rsa},
|
||||
{TLS_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_rsa},
|
||||
{TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa},
|
||||
|
||||
{TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_rsa},
|
||||
{TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, cipher_aes_128_gcm, mac_aead, kea_ecdhe_ecdsa},
|
||||
{TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa}, // XXX: ssl_hash_sha384 hardcoded, see TenFourFox issue 480
|
||||
{TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa},
|
||||
{TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_rsa},
|
||||
{TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, cipher_camellia_128_gcm, mac_aead, kea_ecdhe_ecdsa},
|
||||
|
||||
|
@ -694,12 +698,14 @@ ssl3_CipherSuiteAllowedForVersionRange(
|
|||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA256:
|
||||
case TLS_RSA_WITH_AES_128_CBC_SHA256:
|
||||
case TLS_RSA_WITH_AES_128_GCM_SHA256:
|
||||
case TLS_RSA_WITH_AES_256_GCM_SHA384:
|
||||
case TLS_DHE_DSS_WITH_AES_128_CBC_SHA256:
|
||||
case TLS_DHE_DSS_WITH_AES_256_CBC_SHA256:
|
||||
case TLS_RSA_WITH_NULL_SHA256:
|
||||
return vrange->max == SSL_LIBRARY_VERSION_TLS_1_2;
|
||||
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256:
|
||||
case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
|
||||
case TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256:
|
||||
case TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256:
|
||||
case TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384:
|
||||
|
@ -3778,7 +3784,9 @@ ssl3_GetTls12PrfHashMechanism(sslSocket *ss)
|
|||
}
|
||||
return CKM_SHA256;
|
||||
#else
|
||||
if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
|
||||
if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|| ss->ssl3.hs.cipher_suite == TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
|| ss->ssl3.hs.cipher_suite == TLS_RSA_WITH_AES_256_GCM_SHA384)
|
||||
return CKM_SHA384;
|
||||
return CKM_SHA256;
|
||||
#endif
|
||||
|
@ -3794,7 +3802,9 @@ ssl3_GetSuitePrfHash(sslSocket *ss) {
|
|||
}
|
||||
return ss->ssl3.hs.suite_def->prf_hash;
|
||||
#else
|
||||
if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384)
|
||||
if (ss->ssl3.hs.cipher_suite == TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
|
||||
|| ss->ssl3.hs.cipher_suite == TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
|
||||
|| ss->ssl3.hs.cipher_suite == TLS_RSA_WITH_AES_256_GCM_SHA384)
|
||||
return ssl_hash_sha384;
|
||||
return ssl_hash_sha256;
|
||||
#endif
|
||||
|
|
|
@ -919,6 +919,7 @@ static const ssl3CipherSuite ecdhe_ecdsa_suites[] = {
|
|||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
|
||||
|
|
|
@ -49,6 +49,7 @@
|
|||
const PRUint16 SSL_ImplementedCiphers[] = {
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256,
|
||||
|
@ -104,6 +105,7 @@ const PRUint16 SSL_ImplementedCiphers[] = {
|
|||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
|
|
|
@ -294,9 +294,9 @@ typedef struct {
|
|||
} ssl3CipherSuiteCfg;
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 70
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 72
|
||||
#else
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 41
|
||||
#define ssl_V3_SUITES_IMPLEMENTED 42
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
#define MAX_DTLS_SRTP_CIPHER_SUITES 4
|
||||
|
|
|
@ -169,7 +169,6 @@ SSL_GetPreliminaryChannelInfo(PRFileDesc *fd,
|
|||
|
||||
static const SSLCipherSuiteInfo suiteInfo[] = {
|
||||
/* <------ Cipher suite --------------------> <auth> <KEA> <bulk cipher> <MAC> <FIPS> */
|
||||
{0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256), S_RSA, K_DHE, C_CHACHA20, B_256, M_AEAD_128, 0, 0, 0 },
|
||||
|
||||
{0,CS(TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA), S_RSA, K_DHE, C_CAMELLIA, B_256, M_SHA, 0, 0, 0, },
|
||||
|
@ -195,8 +194,10 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
|||
{0,CS(TLS_RSA_WITH_CAMELLIA_128_CBC_SHA), S_RSA, K_RSA, C_CAMELLIA, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_RC4_128_SHA), S_RSA, K_RSA, C_RC4, B_128, M_SHA, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_RC4_128_MD5), S_RSA, K_RSA, C_RC4, B_128, M_MD5, 0, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_GCM_SHA256), S_RSA, K_RSA, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA256), S_RSA, K_RSA, C_AES, B_128, M_SHA256, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_128_CBC_SHA), S_RSA, K_RSA, C_AES, B_128, M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_RSA, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
||||
|
||||
{0,CS(TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA), S_RSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
{0,CS(TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA), S_DSA, K_DHE, C_3DES,B_3DES,M_SHA, 1, 0, 0, },
|
||||
|
@ -222,6 +223,7 @@ static const SSLCipherSuiteInfo suiteInfo[] = {
|
|||
{0,CS(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384), S_RSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256), S_RSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384), S_ECDSA, K_ECDHE, C_AESGCM, B_256, M_AEAD_128, 1, 0, 0, },
|
||||
{0,CS(TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256), S_ECDSA, K_ECDHE, C_AESGCM, B_128, M_AEAD_128, 1, 0, 0, },
|
||||
|
||||
{0,CS(TLS_ECDH_ECDSA_WITH_NULL_SHA), S_ECDSA, K_ECDH, C_NULL, B_0, M_SHA, 0, 0, 0, },
|
||||
|
|
|
@ -205,6 +205,7 @@
|
|||
#define TLS_RSA_WITH_SEED_CBC_SHA 0x0096
|
||||
|
||||
#define TLS_RSA_WITH_AES_128_GCM_SHA256 0x009C
|
||||
#define TLS_RSA_WITH_AES_256_GCM_SHA384 0x009D
|
||||
#define TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 0x009E
|
||||
#define TLS_DHE_DSS_WITH_AES_128_GCM_SHA256 0x00A2
|
||||
|
||||
|
@ -256,6 +257,7 @@
|
|||
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 0xC027
|
||||
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
|
||||
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 0xC02D
|
||||
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 0xC02F
|
||||
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030
|
||||
|
|
Loading…
Reference in New Issue
Block a user