Index: net/socket/nss_ssl_util.cc |
=================================================================== |
--- net/socket/nss_ssl_util.cc (revision 215189) |
+++ net/socket/nss_ssl_util.cc (working copy) |
@@ -58,12 +58,13 @@ |
enabled = false; |
// Trim the list of cipher suites in order to keep the size of the |
- // ClientHello down. DSS, ECDH, CAMELLIA, SEED and ECC+3DES cipher |
- // suites are disabled. |
+ // ClientHello down. DSS, ECDH, CAMELLIA, SEED, ECC+3DES, and |
+ // HMAC-SHA256 cipher suites are disabled. |
if (info.symCipher == ssl_calg_camellia || |
info.symCipher == ssl_calg_seed || |
(info.symCipher == ssl_calg_3des && info.keaType != ssl_kea_rsa) || |
info.authAlgorithm == ssl_auth_dsa || |
+ info.macAlgorithm == ssl_hmac_sha256 || |
info.nonStandard || |
strcmp(info.keaTypeName, "ECDH") == 0) { |
enabled = false; |