roytam1/palemoon27
1
0
Fork 0
mirror of https://github.com/roytam1/palemoon27.git synced 2026-06-07 00:48:56 +00:00
Code Issues Projects Releases Wiki Activity
2,512 Commits 9 Branches 1 Tag
4e4dc6042e2dfeb595abb3ed13e9bb423fa58b6e
Commit Graph

19 Commits

Author SHA1 Message Date
Pale Moon 16e32d1441 Remove certificate issuer organization to common name fallback 
Before this change, if a certificate's issuer DN did not have an organization component,
nsIX509Cert.issuerOrganization would fall back to using the issuer common name.
This was never a good idea, because this gave misleading information to consumers of
this interface. Furthermore, it appears that all consumers of this interface already do such
a fallback (for display purposes) when they've determined that it's a reasonable thing to do.
 2018-07-25 09:21:06 +08:00
Pale Moon d344967b34 Pretty-print ECDSA-SHA224, 256, 384 and 512 hashed signatures. 
This resolves #1412.
 2018-07-25 09:20:59 +08:00
janekptacijarabaci c28d046daf Security - Unsafe negotiation warning with TLS 1.3 2018-07-25 07:15:50 +08:00
janekptacijarabaci ef825bd0c8 Security - added support for TLS 1.3 (the next part) 2018-07-25 07:11:32 +08:00
janekptacijarabaci b8198c3a89 Security - added support for TLS 1.3 2018-07-25 07:11:26 +08:00
Pale Moon f543949da5 Remove duplicate callback case statements. 2018-07-25 06:59:05 +08:00
Pale Moon c9ad97a8f5 Add support for RSA+AES+SHA256/384 suites for web compatibility. 
This adds the following suites for web compatibility despite the
deprecated RSA key exchange that makes little sense with a
very strong HMAC or GCM:

TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_128_CBC_SHA256

Only the 256-bit ones are enabled by default.
 2018-07-25 06:58:58 +08:00
Pale Moon c9c81ca7c3 Restore missing RSA+Camellia suites. 2018-07-25 06:58:56 +08:00
Pale Moon e4f0d12b2c Enable AES256-GCM for accessibility to overly-strict sites that do not offer ChaCha20. 2018-07-25 06:50:59 +08:00
Pale Moon 348757ed67 Extend {EnabledWeakCiphers} bit field to allow more cipher suites. 2018-07-25 06:50:53 +08:00
Pale Moon 36fc143339 Add AES256-GCM suites to secmanager. 
Disabled by default for known wasted performance (40%) on a suite weaker to key attacks than AES128.
 2018-07-25 06:50:51 +08:00
Pale Moon 8df1603dfd Enable ChaCha20-Poly1305 suites. 2018-07-25 06:50:49 +08:00
Pale Moon 5546cc421e Temporarily disable Camellia-GCM suites in secmanager. 2018-07-25 06:50:45 +08:00
wolfbeast 131363dc30 Fix SSL status ambiguity. 
- Adds CipherSuite string with the full suite
- Changes CipherName to be the actual cipher name instead of the (erroneous) full suite like Firefox does.

This is a reimplementation of 811ce3ff4939b7ece26ad5f99878fc58b92edf7c for Tycho.
 2018-07-25 00:55:11 +08:00
wolfbeast edcc56de80 Hook up less common cipher suites + move RC4 to disabled section. 2018-07-24 23:11:55 +08:00
wolfbeast f1ad132236 Update TLS intolerant fallback handling: 
- Disable false starts
- Disable fallback to RC4
- Update whitelist that should override the default for insecure fallbacks
 2018-07-24 23:11:55 +08:00
wolfbeast e52817d90a Security: Hook up Camellia ciphers, disable RC4. 2018-07-24 23:11:54 +08:00
wolfbeast 5ee6187aad Prep tree for forward-porting Goanna, stage 1 2018-07-24 23:10:50 +08:00
Moonchild baf46a6bf1 Merge pull request #1 from mozilla/esr38: Esr38 upstream pull 2018-07-24 23:04:07 +08:00