Security: Hook up Camellia ciphers, disable RC4.

wolfbeast
2016-04-20 11:59:19 +02:00
committed by roytam1
parent e77132d277
commit e52817d90a
2 changed files with 32 additions and 16 deletions
+11 -5
@@ -20,19 +20,25 @@ pref("security.ssl.enable_alpn", true);
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
pref("security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256", true);
pref("security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256", true);
pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
pref("security.ssl3.dhe_rsa_aes_128_sha", true);
pref("security.ssl3.dhe_rsa_camellia_128_sha", true);
pref("security.ssl3.dhe_rsa_aes_256_sha", true);
pref("security.ssl3.ecdhe_rsa_rc4_128_sha", true);
pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", true);
pref("security.ssl3.dhe_rsa_camellia_256_sha", true);
pref("security.ssl3.ecdhe_rsa_rc4_128_sha", false);
pref("security.ssl3.ecdhe_ecdsa_rc4_128_sha", false);
pref("security.ssl3.rsa_aes_128_sha", true);
pref("security.ssl3.rsa_camellia_128_sha", true);
pref("security.ssl3.rsa_aes_256_sha", true);
pref("security.ssl3.rsa_camellia_256_sha", true);
pref("security.ssl3.rsa_des_ede3_sha", true);
pref("security.ssl3.rsa_rc4_128_sha", true);
pref("security.ssl3.rsa_rc4_128_md5", true);
pref("security.ssl3.rsa_rc4_128_sha", false);
pref("security.ssl3.rsa_rc4_128_md5", false);
pref("security.default_personal_cert", "Ask Every Time");
pref("security.remember_cert_checkbox_default_setting", true);
@@ -43,6 +49,6 @@ pref("security.OCSP.enabled", 1);
pref("security.OCSP.require", false);
pref("security.OCSP.GET.enabled", false);
pref("security.ssl.errorReporting.enabled", true);
pref("security.ssl.errorReporting.enabled", false);
pref("security.ssl.errorReporting.url", "https://data.mozilla.com/submit/sslreports");
pref("security.ssl.errorReporting.automatic", false);
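Review bot: The two RSA-key-exchange Camellia defaults added in the first hunk, `security.ssl3.rsa_camellia_128_sha` and `security.ssl3.rsa_camellia_256_sha`, have no matching entry among the `sCipherPrefs` lines this commit adds in the second file, which only gains the ECDHE-GCM and DHE Camellia suites. If those two suites are not listed in an unchanged part of the table, the prefs do nothing; if they sit under the table's "disabled by default" tail, the pref file and the compiled-in default now disagree. They would also widen the set of non-forward-secret suites that the table itself labels "deprecated (RSA key exchange)", so I would either default them off, `pref("security.ssl3.rsa_camellia_128_sha", false);` and `pref("security.ssl3.rsa_camellia_256_sha", false);`, or add the table entries with the same deprecation comment. Separately, the second hunk flips `security.ssl.errorReporting.enabled` to `false`, which the commit title does not mention and deserves a line in the message.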
+21 -11
@@ -632,32 +632,42 @@ typedef struct {
} CipherPref;
// Update the switch statement in HandshakeCallback in nsNSSCallbacks.cpp when
// you add/remove cipher suites here.
// you add/remove cipher suites here. (Telemetry)
static const CipherPref sCipherPrefs[] = {
{ "security.ssl3.ecdhe_rsa_aes_128_gcm_sha256",
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, true },
{ "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, true },
{ "security.ssl3.ecdhe_rsa_aes_128_sha",
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
{ "security.ssl3.ecdhe_ecdsa_aes_128_sha",
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true },
{ "security.ssl3.ecdhe_rsa_camellia_128_gcm_sha256",
TLS_ECDHE_RSA_WITH_CAMELLIA_128_GCM_SHA256, true },
{ "security.ssl3.ecdhe_ecdsa_camellia_128_gcm_sha256",
TLS_ECDHE_ECDSA_WITH_CAMELLIA_128_GCM_SHA256, true },
{ "security.ssl3.ecdhe_rsa_aes_256_sha",
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, true },
{ "security.ssl3.ecdhe_ecdsa_aes_256_sha",
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, true },
{ "security.ssl3.dhe_rsa_aes_128_sha",
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true },
{ "security.ssl3.ecdhe_rsa_aes_128_sha",
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
{ "security.ssl3.ecdhe_ecdsa_aes_128_sha",
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true },
{ "security.ssl3.dhe_rsa_aes_256_sha",
TLS_DHE_RSA_WITH_AES_256_CBC_SHA, true },
{ "security.ssl3.dhe_rsa_camellia_256_sha",
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, true},
{ "security.ssl3.dhe_rsa_aes_128_sha",
TLS_DHE_RSA_WITH_AES_128_CBC_SHA, true },
{ "security.ssl3.dhe_rsa_camellia_128_sha",
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, true },
{ "security.ssl3.ecdhe_rsa_rc4_128_sha",
TLS_ECDHE_RSA_WITH_RC4_128_SHA, true, true }, // deprecated (RC4)
TLS_ECDHE_RSA_WITH_RC4_128_SHA, false, true }, // deprecated (RC4)
{ "security.ssl3.ecdhe_ecdsa_rc4_128_sha",
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, true, true }, // deprecated (RC4)
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, false, true }, // deprecated (RC4)
{ "security.ssl3.rsa_aes_128_sha",
TLS_RSA_WITH_AES_128_CBC_SHA, true }, // deprecated (RSA key exchange)
@@ -667,9 +677,9 @@ static const CipherPref sCipherPrefs[] = {
TLS_RSA_WITH_3DES_EDE_CBC_SHA, true }, // deprecated (RSA key exchange, 3DES)
{ "security.ssl3.rsa_rc4_128_sha",
TLS_RSA_WITH_RC4_128_SHA, true, true }, // deprecated (RSA key exchange, RC4)
TLS_RSA_WITH_RC4_128_SHA, false, true }, // deprecated (RSA key exchange, RC4)
{ "security.ssl3.rsa_rc4_128_md5",
TLS_RSA_WITH_RC4_128_MD5, true, true }, // deprecated (RSA key exchange, RC4, HMAC-MD5)
TLS_RSA_WITH_RC4_128_MD5, false, true }, // deprecated (RSA key exchange, RC4, HMAC-MD5)
// All the rest are disabled by default
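Review bot: The amended comment above `sCipherPrefs` now tags the HandshakeCallback switch in nsNSSCallbacks.cpp as "(Telemetry)", but the commit changes only two files and neither visible section touches that switch, so the four Camellia suites added to the table presumably get no case there. If cipher-suite telemetry is still used to track which suites are negotiated (for example to confirm RC4 has really gone away), add the matching cases; if the omission is deliberate, say so next to the table, e.g. `// NOTE: the Camellia suites are intentionally not added to the telemetry switch in HandshakeCallback (nsNSSCallbacks.cpp).`. The table starts before the first hunk and continues past the second, so entries outside the hunks were not reviewed.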