parent
41675e9698
commit
14d8add7ca
@ -19,6 +19,7 @@ pref("security.ssl.enable_alpn", true);
|
|||||||
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
|
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
|
||||||
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
|
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
|
||||||
pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
|
pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
|
||||||
|
pref("security.ssl3.ecdhe_rsa_aes_128_sha256", true);
|
||||||
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
|
pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
|
||||||
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
|
pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
|
||||||
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
|
pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
|
||||||
|
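Review bot: The new `security.ssl3.ecdhe_rsa_aes_128_sha256` default is added without a comment, although its counterpart in `sCipherPrefs` is marked as a stopgap for issue 489. Someone auditing the enabled suites from the prefs file alone cannot tell that this entry is meant to be temporary. Add a line above it such as `// stopgap for TenFourFox issue 489; remove once ChaCha20/Poly1305 is available`. The default here and the `true` in the `sCipherPrefs` entry need to be changed together when the suite is retired.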
@ -30,8 +30,10 @@ using namespace mozilla::psm;
|
|||||||
|
|
||||||
extern PRLogModuleInfo* gPIPNSSLog;
|
extern PRLogModuleInfo* gPIPNSSLog;
|
||||||
|
|
||||||
|
#if (0) // TenFourFox issue 334
|
||||||
static void AccumulateCipherSuite(Telemetry::ID probe,
|
static void AccumulateCipherSuite(Telemetry::ID probe,
|
||||||
const SSLChannelInfo& channelInfo);
|
const SSLChannelInfo& channelInfo);
|
||||||
|
#endif
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
|
|
||||||
@ -1027,6 +1029,7 @@ CanFalseStartCallback(PRFileDesc* fd, void* client_data, PRBool *canFalseStart)
|
|||||||
return SECSuccess;
|
return SECSuccess;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#if(0) // TenFourFox issue 334
|
||||||
static void
|
static void
|
||||||
AccumulateNonECCKeySize(Telemetry::ID probe, uint32_t bits)
|
AccumulateNonECCKeySize(Telemetry::ID probe, uint32_t bits)
|
||||||
{
|
{
|
||||||
@ -1076,6 +1079,7 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
|
|||||||
case TLS_ECDHE_RSA_WITH_RC4_128_SHA: value = 8; break;
|
case TLS_ECDHE_RSA_WITH_RC4_128_SHA: value = 8; break;
|
||||||
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break;
|
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break;
|
||||||
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break;
|
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break;
|
||||||
|
case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: value = 11; break; // just in case, issue 489
|
||||||
// DHE key exchange
|
// DHE key exchange
|
||||||
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: value = 21; break;
|
case TLS_DHE_RSA_WITH_AES_128_CBC_SHA: value = 21; break;
|
||||||
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 22; break;
|
case TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 22; break;
|
||||||
@ -1114,6 +1118,7 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
|
|||||||
MOZ_ASSERT(value != 0);
|
MOZ_ASSERT(value != 0);
|
||||||
Telemetry::Accumulate(probe, value);
|
Telemetry::Accumulate(probe, value);
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
||||||
nsNSSShutDownPreventionLock locker;
|
nsNSSShutDownPreventionLock locker;
|
||||||
@ -1146,6 +1151,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||||||
rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
|
rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
|
||||||
MOZ_ASSERT(rv == SECSuccess);
|
MOZ_ASSERT(rv == SECSuccess);
|
||||||
if (rv == SECSuccess) {
|
if (rv == SECSuccess) {
|
||||||
|
#if(0) // TenFourFox issue 334
|
||||||
// Get the protocol version for telemetry
|
// Get the protocol version for telemetry
|
||||||
// 1=tls1, 2=tls1.1, 3=tls1.2
|
// 1=tls1, 2=tls1.1, 3=tls1.2
|
||||||
unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
|
unsigned int versionEnum = channelInfo.protocolVersion & 0xFF;
|
||||||
@ -1155,6 +1161,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||||||
infoObject->IsFullHandshake() ? Telemetry::SSL_CIPHER_SUITE_FULL
|
infoObject->IsFullHandshake() ? Telemetry::SSL_CIPHER_SUITE_FULL
|
||||||
: Telemetry::SSL_CIPHER_SUITE_RESUMED,
|
: Telemetry::SSL_CIPHER_SUITE_RESUMED,
|
||||||
channelInfo);
|
channelInfo);
|
||||||
|
#endif
|
||||||
|
|
||||||
SSLCipherSuiteInfo cipherInfo;
|
SSLCipherSuiteInfo cipherInfo;
|
||||||
rv = SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
|
rv = SSL_GetCipherSuiteInfo(channelInfo.cipherSuite, &cipherInfo,
|
||||||
@ -1163,17 +1170,20 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||||||
if (rv == SECSuccess) {
|
if (rv == SECSuccess) {
|
||||||
usesWeakCipher = cipherInfo.symCipher == ssl_calg_rc4;
|
usesWeakCipher = cipherInfo.symCipher == ssl_calg_rc4;
|
||||||
|
|
||||||
|
#if(0)
|
||||||
// keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
|
// keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
|
||||||
Telemetry::Accumulate(
|
Telemetry::Accumulate(
|
||||||
infoObject->IsFullHandshake()
|
infoObject->IsFullHandshake()
|
||||||
? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL
|
? Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_FULL
|
||||||
: Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED,
|
: Telemetry::SSL_KEY_EXCHANGE_ALGORITHM_RESUMED,
|
||||||
cipherInfo.keaType);
|
cipherInfo.keaType);
|
||||||
|
#endif
|
||||||
|
|
||||||
DebugOnly<int16_t> KEAUsed;
|
DebugOnly<int16_t> KEAUsed;
|
||||||
MOZ_ASSERT(NS_SUCCEEDED(infoObject->GetKEAUsed(&KEAUsed)) &&
|
MOZ_ASSERT(NS_SUCCEEDED(infoObject->GetKEAUsed(&KEAUsed)) &&
|
||||||
(KEAUsed == cipherInfo.keaType));
|
(KEAUsed == cipherInfo.keaType));
|
||||||
|
|
||||||
|
#if(0)
|
||||||
if (infoObject->IsFullHandshake()) {
|
if (infoObject->IsFullHandshake()) {
|
||||||
switch (cipherInfo.keaType) {
|
switch (cipherInfo.keaType) {
|
||||||
case ssl_kea_rsa:
|
case ssl_kea_rsa:
|
||||||
@ -1223,6 +1233,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
|||||||
? Telemetry::SSL_SYMMETRIC_CIPHER_FULL
|
? Telemetry::SSL_SYMMETRIC_CIPHER_FULL
|
||||||
: Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED,
|
: Telemetry::SSL_SYMMETRIC_CIPHER_RESUMED,
|
||||||
cipherInfo.symCipher);
|
cipherInfo.symCipher);
|
||||||
|
#endif
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
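Review bot: The two later guards added inside HandshakeCallback are bare `#if(0)` with no issue reference, while the other three guards carry `// TenFourFox issue 334`. The guard on the forward declaration is also spelled `#if (0)` where the rest use `#if(0)`. Tag both bare guards as `#if(0) // TenFourFox issue 334` and settle on one spelling, so that a search for the issue number finds every disabled telemetry region. The new `case TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: value = 11` sits inside the disabled block; if telemetry is ever re-enabled, confirm that bucket 11 is not already assigned to another suite in the histogram definition, which is not visible here. HandshakeCallback and the body of the last guard extend outside the hunks shown.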
@ -623,6 +623,9 @@ static const CipherPref sCipherPrefs[] = {
|
|||||||
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
|
||||||
{ "security.ssl3.ecdhe_ecdsa_aes_128_sha",
|
{ "security.ssl3.ecdhe_ecdsa_aes_128_sha",
|
||||||
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true },
|
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true },
|
||||||
|
// stopgap for TenFourFox issue 489 pending ChaCha20/Poly1305 implementation
|
||||||
|
{ "security.ssl3.ecdhe_rsa_aes_128_sha256",
|
||||||
|
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, true },
|
||||||
|
|
||||||
{ "security.ssl3.ecdhe_rsa_aes_256_sha",
|
{ "security.ssl3.ecdhe_rsa_aes_256_sha",
|
||||||
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, true },
|
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, true },
|
||||||
|
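Review bot: The stopgap comment on the new `sCipherPrefs` entry does not say that `TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256` is still a CBC, MAC-then-encrypt suite. It adds server compatibility, not AEAD protection, relative to the neighbouring `_sha` entries. A later reader may read "sha256" as a strength upgrade and leave it enabled by default after the ChaCha20/Poly1305 work lands. Consider wording it as `// stopgap for TenFourFox issue 489: CBC suite kept only for compatibility; remove when ChaCha20/Poly1305 is implemented`. The table continues outside the hunk, so the entry's position relative to other suites cannot be checked from here.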