diff --git a/security/manager/ssl/src/nsNSSComponent.cpp b/security/manager/ssl/src/nsNSSComponent.cpp index 00e7144b..ed41af1e 100644 --- a/security/manager/ssl/src/nsNSSComponent.cpp +++ b/security/manager/ssl/src/nsNSSComponent.cpp @@ -949,6 +949,9 @@ static CipherPref CipherPrefs[] = { {"security.ssl3.dhe_dss_des_sha", SSL_DHE_DSS_WITH_DES_CBC_SHA}, // 56-bit DES encryption with DSA, DHE, and a SHA1 MAC {"security.ssl3.rsa_null_sha", SSL_RSA_WITH_NULL_SHA}, // No encryption with RSA authentication and a SHA1 MAC {"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5}, // No encryption with RSA authentication and an MD5 MAC + {"security.ssl3.rsa_seed_sha", TLS_RSA_WITH_SEED_CBC_SHA}, // SEED encryption with RSA and a SHA1 MAC + {"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256}, // 128-bit AES-GCM encryption with ECDHE-ECDSA + {"security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}, // 128-bit AES-GCM encryption with ECDHE-RSA {NULL, 0} /* end marker */ }; @@ -1527,6 +1530,10 @@ nsNSSComponent::InitializeNSS(PRBool showWarningBox) mPrefBranch->GetBoolPref("security.enable_tls", &enabled); SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled); + SSLVersionRange supported; + SSL_VersionRangeGetSupported(ssl_variant_stream, &supported); + SSL_VersionRangeSetDefault(ssl_variant_stream, &supported); + // Disable any ciphers that NSS might have enabled by default for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i) { @@ -2031,6 +2038,11 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic, } else if (prefName.Equals("security.enable_tls")) { mPrefBranch->GetBoolPref("security.enable_tls", &enabled); SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled); + + SSLVersionRange supported; + SSL_VersionRangeGetSupported(ssl_variant_stream, &supported); + SSL_VersionRangeSetDefault(ssl_variant_stream, &supported); + } else if (prefName.Equals("security.OCSP.enabled")) { setOCSPOptions(mPrefBranch); } else {