| Index: net/third_party/nss/patches/deprioritizedhe.patch
|
| ===================================================================
|
| --- net/third_party/nss/patches/deprioritizedhe.patch (revision 0)
|
| +++ net/third_party/nss/patches/deprioritizedhe.patch (revision 0)
|
| @@ -0,0 +1,58 @@
|
| +diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
|
| +--- a/security/nss/lib/ssl/ssl3con.c
|
| ++++ b/security/nss/lib/ssl/ssl3con.c
|
| +@@ -106,24 +106,24 @@ static SECStatus Null_Cipher(void *ctx,
|
| + static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
| + /* cipher_suite policy enabled is_present*/
|
| + #ifdef NSS_ENABLE_ECC
|
| + { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + #endif /* NSS_ENABLE_ECC */
|
| + { TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| +- { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + #ifdef NSS_ENABLE_ECC
|
| + { TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + #endif /* NSS_ENABLE_ECC */
|
| + { TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| ++ { TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| +
|
| + #ifdef NSS_ENABLE_ECC
|
| + { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| + #endif /* NSS_ENABLE_ECC */
|
| + { TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, SSL_NOT_ALLOWED, PR_FALSE,PR_FALSE},
|
| +diff --git a/security/nss/lib/ssl/sslenum.c b/security/nss/lib/ssl/sslenum.c
|
| +--- a/security/nss/lib/ssl/sslenum.c
|
| ++++ b/security/nss/lib/ssl/sslenum.c
|
| +@@ -61,24 +61,24 @@
|
| + const PRUint16 SSL_ImplementedCiphers[] = {
|
| + /* 256-bit */
|
| + #ifdef NSS_ENABLE_ECC
|
| + TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,
|
| + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
|
| + #endif /* NSS_ENABLE_ECC */
|
| + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA,
|
| +- TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
| + TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
|
| + #ifdef NSS_ENABLE_ECC
|
| + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
|
| + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
|
| + #endif /* NSS_ENABLE_ECC */
|
| + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
| + TLS_RSA_WITH_AES_256_CBC_SHA,
|
| ++ TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
|
| +
|
| + /* 128-bit */
|
| + #ifdef NSS_ENABLE_ECC
|
| + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
|
| + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,
|
| + TLS_ECDHE_RSA_WITH_RC4_128_SHA,
|
| + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
|
| + #endif /* NSS_ENABLE_ECC */
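Review bot: The relocated `TLS_DHE_RSA_WITH_AES_256_CBC_SHA` entry lands below `TLS_RSA_WITH_AES_256_CBC_SHA` in both `cipherSuites[]` (ssl3con.c) and `SSL_ImplementedCiphers[]` (sslenum.c) with no comment explaining the out-of-pattern position. If table order is what drives the advertised preference, as it appears to be, this ranks a forward-secret key exchange behind static RSA, which is a security-relevant trade-off that should be recorded next to the entry. I would add above the moved line in each table something like `/* Deliberately ranked after the static-RSA 256-bit suites; see net/third_party/nss/patches/deprioritizedhe.patch. Keep the order identical in ssl3con.c and sslenum.c. */`. The deprioritization also looks partial: `TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA` and `TLS_DHE_DSS_WITH_AES_256_CBC_SHA` keep their higher positions, so the comment should say whether singling out this one suite is intended. Both arrays continue past the end of the inner hunks, so the treatment of the 128-bit DHE entries cannot be checked from here.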
|
|
|