diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2017-07-20 14:19:54 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-02-02 19:06:52 +0100 |
commit | 34e23129f401487e53240f6bb74147104bbfced5 (patch) | |
tree | 365980f925070ec3e3c7310c03ee6e1dfcb6510a /security | |
parent | c0ffa0fe9889f28502aa1dc0f7293425ac6278ba (diff) | |
download | uxp-34e23129f401487e53240f6bb74147104bbfced5.tar.gz |
Disable 3DES cipher by default + re-order a few things.
Issue mcp-graveyard/UXP#4 point 4
Diffstat (limited to 'security')
-rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index 89b33b7c22..1bcdcc1b02 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1344,9 +1344,6 @@ static const CipherPref sCipherPrefs[] = { { "security.ssl3.ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true }, - { "security.ssl3.dhe_rsa_aes_128_sha", - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true }, - { "security.ssl3.dhe_rsa_camellia_256_sha", TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, true}, { "security.ssl3.dhe_rsa_aes_256_sha", @@ -1354,6 +1351,9 @@ static const CipherPref sCipherPrefs[] = { { "security.ssl3.dhe_rsa_camellia_128_sha", TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, true }, + { "security.ssl3.dhe_rsa_aes_128_sha", + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true }, + { "security.tls13.aes_128_gcm_sha256", TLS_AES_128_GCM_SHA256, true }, { "security.tls13.chacha20_poly1305_sha256", @@ -1361,6 +1361,7 @@ static const CipherPref sCipherPrefs[] = { { "security.tls13.aes_256_gcm_sha384", TLS_AES_256_GCM_SHA384, true }, + // Deprecated (RSA key exchange): { "security.ssl3.rsa_aes_256_gcm_sha384", TLS_RSA_WITH_AES_256_GCM_SHA384, true }, { "security.ssl3.rsa_aes_256_sha256", @@ -1370,15 +1371,17 @@ static const CipherPref sCipherPrefs[] = { {"security.ssl3.rsa_camellia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, true }, { "security.ssl3.rsa_aes_128_sha", - TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange) + TLS_RSA_WITH_AES_128_CBC_SHA, true }, { "security.ssl3.rsa_aes_256_sha", - TLS_RSA_WITH_AES_256_CBC_SHA, true }, // deprecated (RSA key exchange) + TLS_RSA_WITH_AES_256_CBC_SHA, true }, + +// Expensive/deprecated/weak { "security.ssl3.rsa_aes_128_gcm_sha256", TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated { "security.ssl3.rsa_aes_128_sha256", TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated { "security.ssl3.rsa_des_ede3_sha", - TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES) + TLS_RSA_WITH_3DES_EDE_CBC_SHA, false }, // Weak (3DES) // All the rest are disabled |