mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-27 06:43:32 +00:00
Bug 1304919 - Update WebRTC to latest NSS, r=ekr
MozReview-Commit-ID: Jz9lraGZIyx --HG-- extra : rebase_source : 9b80b600f46ecc04ea9f282342d3a98ef0e915b8 extra : source : f1aace586e14a276cc43dd00111d5c9d04580ea0
This commit is contained in:
parent
b4a425d1e8
commit
54eb5cb215
1
config/external/nss/nss.symbols
vendored
1
config/external/nss/nss.symbols
vendored
@ -673,6 +673,7 @@ SSL_HandshakeCallback
|
||||
SSL_HandshakeNegotiatedExtension
|
||||
SSL_ImplementedCiphers @DATA@
|
||||
SSL_ImportFD
|
||||
SSL_NamedGroupConfig
|
||||
SSL_NumImplementedCiphers @DATA@
|
||||
SSL_OptionSet
|
||||
SSL_OptionSetDefault
|
||||
|
@ -453,6 +453,15 @@ TransportLayerDtls::SetVerificationDigest(const std::string digest_algorithm,
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
// These are the named groups that we will allow.
|
||||
static const SSLNamedGroup NamedGroupPreferences[] = {
|
||||
ssl_grp_ec_curve25519,
|
||||
ssl_grp_ec_secp256r1,
|
||||
ssl_grp_ec_secp384r1,
|
||||
ssl_grp_ffdhe_2048,
|
||||
ssl_grp_ffdhe_3072
|
||||
};
|
||||
|
||||
// TODO: make sure this is called from STS. Otherwise
|
||||
// we have thread safety issues
|
||||
bool TransportLayerDtls::Setup() {
|
||||
@ -587,6 +596,13 @@ bool TransportLayerDtls::Setup() {
|
||||
return false;
|
||||
}
|
||||
|
||||
rv = SSL_NamedGroupConfig(ssl_fd, NamedGroupPreferences,
|
||||
mozilla::ArrayLength(NamedGroupPreferences));
|
||||
if (rv != SECSuccess) {
|
||||
MOZ_MTLOG(ML_ERROR, "Couldn't set named groups");
|
||||
return false;
|
||||
}
|
||||
|
||||
// Certificate validation
|
||||
rv = SSL_AuthCertificateHook(ssl_fd, AuthCertificateHook,
|
||||
reinterpret_cast<void *>(this));
|
||||
@ -691,6 +707,7 @@ static const uint32_t DisabledCiphers[] = {
|
||||
TLS_ECDH_RSA_WITH_RC4_128_SHA,
|
||||
|
||||
TLS_RSA_WITH_AES_128_GCM_SHA256,
|
||||
TLS_RSA_WITH_AES_256_GCM_SHA384,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA,
|
||||
TLS_RSA_WITH_AES_128_CBC_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
|
||||
@ -698,27 +715,18 @@ static const uint32_t DisabledCiphers[] = {
|
||||
TLS_RSA_WITH_AES_256_CBC_SHA256,
|
||||
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
|
||||
TLS_RSA_WITH_SEED_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||
TLS_RSA_WITH_RC4_128_SHA,
|
||||
TLS_RSA_WITH_RC4_128_MD5,
|
||||
|
||||
TLS_DHE_RSA_WITH_DES_CBC_SHA,
|
||||
TLS_DHE_DSS_WITH_DES_CBC_SHA,
|
||||
SSL_RSA_FIPS_WITH_DES_CBC_SHA,
|
||||
TLS_RSA_WITH_DES_CBC_SHA,
|
||||
|
||||
TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
|
||||
TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
|
||||
|
||||
TLS_RSA_EXPORT_WITH_RC4_40_MD5,
|
||||
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
|
||||
|
||||
TLS_ECDHE_ECDSA_WITH_NULL_SHA,
|
||||
TLS_ECDHE_RSA_WITH_NULL_SHA,
|
||||
TLS_ECDH_ECDSA_WITH_NULL_SHA,
|
||||
TLS_ECDH_RSA_WITH_NULL_SHA,
|
||||
|
||||
TLS_RSA_WITH_NULL_SHA,
|
||||
TLS_RSA_WITH_NULL_SHA256,
|
||||
TLS_RSA_WITH_NULL_MD5,
|
||||
|
Loading…
Reference in New Issue
Block a user