Bug 1284840 - Don't forget TLS intolerance when a DHE-based cipher is used. r=keeler

MozReview-Commit-ID: 70pa7lCLAxQ

--HG--
extra : rebase_source : f7ac3984139ebab86997041550e255c80a90fda2

security/manager/ssl/nsNSSCallbacks.cpp

@@ -1104,7 +1104,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
                                            infoObject->GetPort(),
                                            versions.max);
 
-  bool usesWeakCipher = false;
+  bool usesFallbackCipher = false;
   SSLChannelInfo channelInfo;
   rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
   MOZ_ASSERT(rv == SECSuccess);
@@ -1124,7 +1124,7 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
                                 sizeof cipherInfo);
     MOZ_ASSERT(rv == SECSuccess);
     if (rv == SECSuccess) {
-      usesWeakCipher = cipherInfo.symCipher == ssl_calg_rc4;
+      usesFallbackCipher = cipherInfo.keaType == ssl_kea_dh;
 
       // keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
       Telemetry::Accumulate(
@@ -1207,20 +1207,19 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
                                                              status);
 
   uint32_t state;
-  if (usesWeakCipher || renegotiationUnsafe) {
+  if (renegotiationUnsafe) {
     state = nsIWebProgressListener::STATE_IS_BROKEN;
-    if (usesWeakCipher) {
-      state |= nsIWebProgressListener::STATE_USES_WEAK_CRYPTO;
-    }
   } else {
     state = nsIWebProgressListener::STATE_IS_SECURE |
             nsIWebProgressListener::STATE_SECURE_HIGH;
-    SSLVersionRange defVersion;
-    rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
-    if (rv == SECSuccess && versions.max >= defVersion.max) {
-      // we know this site no longer requires a weak cipher
-      ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
-                                                infoObject->GetPort());
+    if (!usesFallbackCipher) {
+      SSLVersionRange defVersion;
+      rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
+      if (rv == SECSuccess && versions.max >= defVersion.max) {
+        // we know this site no longer requires a fallback cipher
+        ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
+                                                  infoObject->GetPort());
+      }
     }
   }
 

security/manager/ssl/tests/unit/test_fallback_cipher.js

@@ -224,11 +224,17 @@ add_task(function* () {
   // retry manually to simulate the HTTP layer
   yield startClient("server: fallback only, client: fallback enabled retry, public",
                     port, Cr.NS_OK);
+  // make sure that we remember the TLS intolerance
+  yield startClient("server: fallback only, client: second try after fallback success, public",
+                    port, Cr.NS_OK);
   yield startClient("server: fallback only, client: fallback enabled, private",
                     port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
                     {isPrivate: true, allowReset: true});
   yield startClient("server: fallback only, client: fallback enabled retry, private",
                     port, Cr.NS_OK, {isPrivate: true});
+  // make sure that we remember the TLS intolerance
+  yield startClient("server: fallback only, client: second try after fallback success, private",
+                    port, Cr.NS_OK);
 });
 
 do_register_cleanup(function() {