From 581cb94a73bdddd7849cdeef131a9fb66f385591 Mon Sep 17 00:00:00 2001
From: Cameron Kaiser
Date: Thu, 23 Jan 2020 21:57:30 -0800
Subject: [PATCH] revert #489 (#576): enable CHACHA20/POLY1305, remove TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as it is no longer needed
---
 netwerk/base/security-prefs.js | 4 +++-
 security/manager/ssl/nsNSSComponent.cpp | 10 +++++++---
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 59e11d6d0..a4b48961b 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -18,9 +18,11 @@ pref("security.ssl.enable_alpn", true);
 pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
+pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
+pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
+pref("security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384", true);
 pref("security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", true);
 pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
-pref("security.ssl3.ecdhe_rsa_aes_128_sha256", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 052906ba0..8ab022f9b 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
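Review bot: The added `security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384` default is not covered by the commit subject, which names only ChaCha20/Poly1305 and the CBC_SHA256 removal, so a third suite becomes enabled by default with no recorded reason; the same applies to its row in `sCipherPrefs` in nsNSSComponent.cpp. A change to the default TLS suite set is easier to audit when every newly enabled suite is accounted for, so I would put a comment above the three new prefs, for example `// AEAD suites enabled together: ChaCha20-Poly1305 (ECDSA, RSA) and ECDSA AES-256-GCM`.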
@@ -620,6 +620,13 @@ static const CipherPref sCipherPrefs[] = {
 { "security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256",
 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, true },
+ { "security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256",
+ TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, true },
+ { "security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256",
+ TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, true },
+
+ { "security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384",
+ TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, true },
 { "security.ssl3.ecdhe_rsa_aes_256_gcm_sha384",
 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, true },
@@ -627,9 +634,6 @@ static const CipherPref sCipherPrefs[] = {
 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, true },
 { "security.ssl3.ecdhe_ecdsa_aes_128_sha",
 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, true },
- // stopgap for TenFourFox issue 489 pending ChaCha20/Poly1305 implementation
- { "security.ssl3.ecdhe_rsa_aes_128_sha256",
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, true },
 { "security.ssl3.ecdhe_rsa_aes_256_sha",
 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, true },
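Review bot: The new ChaCha20/Poly1305 and ECDSA AES-256-GCM rows in the first hunk carry no comment, while the second hunk deletes the only in-code note about the issue 489 stopgap, so the table no longer records why this suite set was chosen. I would add above the ChaCha20 rows `// ChaCha20/Poly1305 replaces the TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 stopgap from issue 489`. The third field is presumably the enabled-by-default flag; if so it duplicates the default in security-prefs.js and the two have to be changed together, which is worth stating once at the top of the table. `sCipherPrefs` begins and ends outside the hunk, so how the rows are consumed, and whether a suite the linked NSS does not implement gets reported, cannot be checked from here.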