Backed out changeset 4f793a75cd93 (bug 1724072) for geckoview failures . CLOSED TREE
parent
12bf02b2bc
commit
625f7a5de1
@ -6,7 +6,6 @@
|
|||||||
const SSL3_PAGE = "https://ssl3.example.com/";
|
const SSL3_PAGE = "https://ssl3.example.com/";
|
||||||
const TLS10_PAGE = "https://tls1.example.com/";
|
const TLS10_PAGE = "https://tls1.example.com/";
|
||||||
const TLS12_PAGE = "https://tls12.example.com/";
|
const TLS12_PAGE = "https://tls12.example.com/";
|
||||||
const TRIPLEDES_PAGE = "https://3des.example.com/";
|
|
||||||
|
|
||||||
// This includes all the cipher suite prefs we have.
|
// This includes all the cipher suite prefs we have.
|
||||||
const CIPHER_SUITE_PREFS = [
|
const CIPHER_SUITE_PREFS = [
|
||||||
@ -26,7 +25,7 @@ const CIPHER_SUITE_PREFS = [
|
|||||||
"security.ssl3.rsa_aes_256_sha",
|
"security.ssl3.rsa_aes_256_sha",
|
||||||
"security.ssl3.rsa_aes_128_gcm_sha256",
|
"security.ssl3.rsa_aes_128_gcm_sha256",
|
||||||
"security.ssl3.rsa_aes_256_gcm_sha384",
|
"security.ssl3.rsa_aes_256_gcm_sha384",
|
||||||
"security.ssl3.deprecated.rsa_des_ede3_sha",
|
"security.ssl3.rsa_des_ede3_sha",
|
||||||
"security.tls13.aes_128_gcm_sha256",
|
"security.tls13.aes_128_gcm_sha256",
|
||||||
"security.tls13.aes_256_gcm_sha384",
|
"security.tls13.aes_256_gcm_sha384",
|
||||||
"security.tls13.chacha20_poly1305_sha256",
|
"security.tls13.chacha20_poly1305_sha256",
|
||||||
@ -37,9 +36,6 @@ function resetPrefs() {
|
|||||||
Services.prefs.clearUserPref("security.tls.version.max");
|
Services.prefs.clearUserPref("security.tls.version.max");
|
||||||
Services.prefs.clearUserPref("security.tls.version.enable-deprecated");
|
Services.prefs.clearUserPref("security.tls.version.enable-deprecated");
|
||||||
Services.prefs.clearUserPref("security.certerrors.tls.version.show-override");
|
Services.prefs.clearUserPref("security.certerrors.tls.version.show-override");
|
||||||
CIPHER_SUITE_PREFS.forEach(suitePref => {
|
|
||||||
Services.prefs.clearUserPref(suitePref);
|
|
||||||
});
|
|
||||||
}
|
}
|
||||||
|
|
||||||
add_task(async function resetToDefaultConfig() {
|
add_task(async function resetToDefaultConfig() {
|
||||||
@ -321,41 +317,3 @@ add_task(async function overrideUIPref() {
|
|||||||
resetPrefs();
|
resetPrefs();
|
||||||
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
BrowserTestUtils.removeTab(gBrowser.selectedTab);
|
||||||
});
|
});
|
||||||
|
|
||||||
// Test that ciphersuites that use 3DES (namely, TLS_RSA_WITH_3DES_EDE_CBC_SHA)
|
|
||||||
// can only be enabled when deprecated TLS is enabled.
|
|
||||||
add_task(async function onlyAllow3DESWithDeprecatedTLS() {
|
|
||||||
// By default, connecting to a server that only uses 3DES should fail.
|
|
||||||
await BrowserTestUtils.withNewTab(
|
|
||||||
{ gBrowser, url: "about:blank" },
|
|
||||||
async browser => {
|
|
||||||
BrowserTestUtils.loadURI(browser, TRIPLEDES_PAGE);
|
|
||||||
await BrowserTestUtils.waitForErrorPage(browser);
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
// Enabling deprecated TLS should also enable 3DES.
|
|
||||||
Services.prefs.setBoolPref("security.tls.version.enable-deprecated", true);
|
|
||||||
await BrowserTestUtils.withNewTab(
|
|
||||||
{ gBrowser, url: "about:blank" },
|
|
||||||
async browser => {
|
|
||||||
BrowserTestUtils.loadURI(browser, TRIPLEDES_PAGE);
|
|
||||||
await BrowserTestUtils.browserLoaded(browser, false, TRIPLEDES_PAGE);
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
// 3DES can be disabled separately.
|
|
||||||
Services.prefs.setBoolPref(
|
|
||||||
"security.ssl3.deprecated.rsa_des_ede3_sha",
|
|
||||||
false
|
|
||||||
);
|
|
||||||
await BrowserTestUtils.withNewTab(
|
|
||||||
{ gBrowser, url: "about:blank" },
|
|
||||||
async browser => {
|
|
||||||
BrowserTestUtils.loadURI(browser, TRIPLEDES_PAGE);
|
|
||||||
await BrowserTestUtils.waitForErrorPage(browser);
|
|
||||||
}
|
|
||||||
);
|
|
||||||
|
|
||||||
resetPrefs();
|
|
||||||
});
|
|
||||||
|
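Review bot: `resetPrefs()` on the new side no longer clears the `CIPHER_SUITE_PREFS` entries, only the TLS-version prefs visible in the hunk, and nothing at the function records that. `CIPHER_SUITE_PREFS` is still defined in this file, so a task that flips a cipher-suite pref and relies on `resetPrefs()` for cleanup would leak that setting into later tasks; whether any task does so is outside these hunks. A one-line comment above the function would make the contract explicit: `// Only resets TLS version prefs; tasks that change CIPHER_SUITE_PREFS must clear them themselves.` The function starts outside the hunk.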
@ -554,7 +554,7 @@ var Policies = {
|
|||||||
}
|
}
|
||||||
if ("TLS_RSA_WITH_3DES_EDE_CBC_SHA" in param) {
|
if ("TLS_RSA_WITH_3DES_EDE_CBC_SHA" in param) {
|
||||||
setAndLockPref(
|
setAndLockPref(
|
||||||
"security.ssl3.deprecated.rsa_des_ede3_sha",
|
"security.ssl3.rsa_des_ede3_sha",
|
||||||
!param.TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
!param.TLS_RSA_WITH_3DES_EDE_CBC_SHA
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
@ -755,7 +755,7 @@ const POLICIES_TESTS = [
|
|||||||
"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256": true,
|
"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256": true,
|
||||||
"security.ssl3.rsa_aes_128_sha": true,
|
"security.ssl3.rsa_aes_128_sha": true,
|
||||||
"security.ssl3.rsa_aes_256_sha": true,
|
"security.ssl3.rsa_aes_256_sha": true,
|
||||||
"security.ssl3.deprecated.rsa_des_ede3_sha": true,
|
"security.ssl3.rsa_des_ede3_sha": true,
|
||||||
"security.ssl3.rsa_aes_128_gcm_sha256": true,
|
"security.ssl3.rsa_aes_128_gcm_sha256": true,
|
||||||
"security.ssl3.rsa_aes_256_gcm_sha384": true,
|
"security.ssl3.rsa_aes_256_gcm_sha384": true,
|
||||||
},
|
},
|
||||||
@ -786,7 +786,7 @@ const POLICIES_TESTS = [
|
|||||||
"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256": false,
|
"security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256": false,
|
||||||
"security.ssl3.rsa_aes_128_sha": false,
|
"security.ssl3.rsa_aes_128_sha": false,
|
||||||
"security.ssl3.rsa_aes_256_sha": false,
|
"security.ssl3.rsa_aes_256_sha": false,
|
||||||
"security.ssl3.deprecated.rsa_des_ede3_sha": false,
|
"security.ssl3.rsa_des_ede3_sha": false,
|
||||||
"security.ssl3.rsa_aes_128_gcm_sha256": false,
|
"security.ssl3.rsa_aes_128_gcm_sha256": false,
|
||||||
"security.ssl3.rsa_aes_256_gcm_sha384": false,
|
"security.ssl3.rsa_aes_256_gcm_sha384": false,
|
||||||
},
|
},
|
||||||
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
@ -317,9 +317,10 @@ https://sha256ee.example.com:443 privileged,cer
|
|||||||
# Hosts for imminent distrust warning tests
|
# Hosts for imminent distrust warning tests
|
||||||
https://imminently-distrusted.example.com:443 privileged,cert=imminently_distrusted
|
https://imminently-distrusted.example.com:443 privileged,cert=imminently_distrusted
|
||||||
|
|
||||||
# Hosts for ssl3/3des/tls1 warning tests
|
# Hosts for ssl3/rc4/tls1 warning tests
|
||||||
https://ssl3.example.com:443 privileged,ssl3
|
https://ssl3.example.com:443 privileged,ssl3
|
||||||
https://3des.example.com:443 privileged,3des,tls1,tls1_2
|
https://rc4.example.com:443 privileged,rc4
|
||||||
|
https://ssl3rc4.example.com:443 privileged,ssl3,rc4
|
||||||
https://tls1.example.com:443 privileged,tls1
|
https://tls1.example.com:443 privileged,tls1
|
||||||
https://tls11.example.com:443 privileged,tls1_1
|
https://tls11.example.com:443 privileged,tls1_1
|
||||||
https://tls12.example.com:443 privileged,tls1_2
|
https://tls12.example.com:443 privileged,tls1_2
|
||||||
|
@ -53,7 +53,7 @@ pref("security.ssl3.rsa_aes_128_sha", true);
|
|||||||
pref("security.ssl3.rsa_aes_256_sha", true);
|
pref("security.ssl3.rsa_aes_256_sha", true);
|
||||||
pref("security.ssl3.rsa_aes_128_gcm_sha256", true);
|
pref("security.ssl3.rsa_aes_128_gcm_sha256", true);
|
||||||
pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
|
pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
|
||||||
pref("security.ssl3.deprecated.rsa_des_ede3_sha", true);
|
pref("security.ssl3.rsa_des_ede3_sha", true);
|
||||||
|
|
||||||
pref("security.content.signature.root_hash",
|
pref("security.content.signature.root_hash",
|
||||||
"97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E");
|
"97:E8:BA:9C:F1:2F:B3:DE:53:CC:42:A4:E6:57:7E:D6:4D:F4:93:C2:47:B4:14:FE:A0:36:81:8D:38:23:56:0E");
|
||||||
|
@ -1024,7 +1024,7 @@ nsresult LoadLoadableCertsTask::LoadLoadableRoots() {
|
|||||||
// Table of pref names and SSL cipher ID
|
// Table of pref names and SSL cipher ID
|
||||||
typedef struct {
|
typedef struct {
|
||||||
const char* pref;
|
const char* pref;
|
||||||
int32_t id;
|
long id;
|
||||||
bool enabledByDefault;
|
bool enabledByDefault;
|
||||||
} CipherPref;
|
} CipherPref;
|
||||||
|
|
||||||
@ -1075,13 +1075,12 @@ static const CipherPref sCipherPrefs[] = {
|
|||||||
true}, // deprecated (RSA key exchange)
|
true}, // deprecated (RSA key exchange)
|
||||||
{"security.ssl3.rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA,
|
{"security.ssl3.rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA,
|
||||||
true}, // deprecated (RSA key exchange)
|
true}, // deprecated (RSA key exchange)
|
||||||
};
|
{"security.ssl3.rsa_des_ede3_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
||||||
|
true}, // deprecated (RSA key exchange, 3DES)
|
||||||
|
|
||||||
// These ciphersuites can only be enabled if deprecated versions of TLS are
|
// All the rest are disabled
|
||||||
// also enabled (via the preference "security.tls.version.enable-deprecated").
|
|
||||||
static const CipherPref sDeprecatedTLS1CipherPrefs[] = {
|
{nullptr, 0} // end marker
|
||||||
{"security.ssl3.deprecated.rsa_des_ede3_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA,
|
|
||||||
true},
|
|
||||||
};
|
};
|
||||||
|
|
||||||
// This function will convert from pref values like 1, 2, ...
|
// This function will convert from pref values like 1, 2, ...
|
||||||
@ -1358,25 +1357,6 @@ nsresult CipherSuiteChangeObserver::StartObserve() {
|
|||||||
return NS_OK;
|
return NS_OK;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Enables or disabled ciphersuites from deprecated versions of TLS as
|
|
||||||
// appropriate. If security.tls.version.enable-deprecated is true, these
|
|
||||||
// ciphersuites may be enabled, if the corresponding preference is true.
|
|
||||||
// Otherwise, these ciphersuites will be disabled.
|
|
||||||
void SetDeprecatedTLS1CipherPrefs() {
|
|
||||||
if (Preferences::GetBool("security.tls.version.enable-deprecated", false)) {
|
|
||||||
for (const auto& deprecatedTLS1CipherPref : sDeprecatedTLS1CipherPrefs) {
|
|
||||||
bool cipherEnabled =
|
|
||||||
Preferences::GetBool(deprecatedTLS1CipherPref.pref,
|
|
||||||
deprecatedTLS1CipherPref.enabledByDefault);
|
|
||||||
SSL_CipherPrefSetDefault(deprecatedTLS1CipherPref.id, cipherEnabled);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
for (const auto& deprecatedTLS1CipherPref : sDeprecatedTLS1CipherPrefs) {
|
|
||||||
SSL_CipherPrefSetDefault(deprecatedTLS1CipherPref.id, false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
nsresult CipherSuiteChangeObserver::Observe(nsISupports* /*aSubject*/,
|
nsresult CipherSuiteChangeObserver::Observe(nsISupports* /*aSubject*/,
|
||||||
const char* aTopic,
|
const char* aTopic,
|
||||||
const char16_t* someData) {
|
const char16_t* someData) {
|
||||||
@ -1386,16 +1366,16 @@ nsresult CipherSuiteChangeObserver::Observe(nsISupports* /*aSubject*/,
|
|||||||
if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
|
if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
|
||||||
NS_ConvertUTF16toUTF8 prefName(someData);
|
NS_ConvertUTF16toUTF8 prefName(someData);
|
||||||
// Look through the cipher table and set according to pref setting
|
// Look through the cipher table and set according to pref setting
|
||||||
for (const auto& cipherPref : sCipherPrefs) {
|
const CipherPref* const cp = sCipherPrefs;
|
||||||
if (prefName.Equals(cipherPref.pref)) {
|
for (size_t i = 0; cp[i].pref; ++i) {
|
||||||
|
if (prefName.Equals(cp[i].pref)) {
|
||||||
bool cipherEnabled =
|
bool cipherEnabled =
|
||||||
Preferences::GetBool(cipherPref.pref, cipherPref.enabledByDefault);
|
Preferences::GetBool(cp[i].pref, cp[i].enabledByDefault);
|
||||||
SSL_CipherPrefSetDefault(cipherPref.id, cipherEnabled);
|
SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
|
||||||
|
nsNSSComponent::DoClearSSLExternalAndInternalSessionCache();
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
SetDeprecatedTLS1CipherPrefs();
|
|
||||||
nsNSSComponent::DoClearSSLExternalAndInternalSessionCache();
|
|
||||||
} else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
|
} else if (nsCRT::strcmp(aTopic, NS_XPCOM_SHUTDOWN_OBSERVER_ID) == 0) {
|
||||||
Preferences::RemoveObserver(this, "security.");
|
Preferences::RemoveObserver(this, "security.");
|
||||||
MOZ_ASSERT(sObserver.get() == this);
|
MOZ_ASSERT(sObserver.get() == this);
|
||||||
@ -2749,14 +2729,13 @@ nsresult InitializeCipherSuite() {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Now only set SSL/TLS ciphers we knew about at compile time
|
// Now only set SSL/TLS ciphers we knew about at compile time
|
||||||
for (const auto& cipherPref : sCipherPrefs) {
|
const CipherPref* const cp = sCipherPrefs;
|
||||||
|
for (size_t i = 0; cp[i].pref; ++i) {
|
||||||
bool cipherEnabled =
|
bool cipherEnabled =
|
||||||
Preferences::GetBool(cipherPref.pref, cipherPref.enabledByDefault);
|
Preferences::GetBool(cp[i].pref, cp[i].enabledByDefault);
|
||||||
SSL_CipherPrefSetDefault(cipherPref.id, cipherEnabled);
|
SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
|
||||||
}
|
}
|
||||||
|
|
||||||
SetDeprecatedTLS1CipherPrefs();
|
|
||||||
|
|
||||||
// Enable ciphers for PKCS#12
|
// Enable ciphers for PKCS#12
|
||||||
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
|
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
|
||||||
SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
|
SEC_PKCS12EnableCipher(PKCS12_RC4_128, 1);
|
||||||
|
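Review bot: The restored `sCipherPrefs` entry `{"security.ssl3.rsa_des_ede3_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA, true}` carries only the comment `deprecated (RSA key exchange, 3DES)`, which does not record that 3DES is enabled by default again as a temporary result of this backout. With `SetDeprecatedTLS1CipherPrefs()` and both of its call sites removed, these hunks show nothing that ties the suite to `security.tls.version.enable-deprecated`, and the prefs file again defaults the pref to `true`. A comment at the entry would keep that visible to whoever relands the change: `// Bug 1724072: enabled by default only because the enable-deprecated gating was backed out; re-gate when it relands.` The table, `Observe` and `InitializeCipherSuite` all start or end outside the hunks shown.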
@ -684,7 +684,7 @@ class SSLTunnel:
|
|||||||
"tls1_2",
|
"tls1_2",
|
||||||
"tls1_3",
|
"tls1_3",
|
||||||
"ssl3",
|
"ssl3",
|
||||||
"3des",
|
"rc4",
|
||||||
"failHandshake",
|
"failHandshake",
|
||||||
):
|
):
|
||||||
config.write(
|
config.write(
|
||||||
|
@ -146,7 +146,7 @@ struct server_info_t {
|
|||||||
PLHashTable* host_tls11_table;
|
PLHashTable* host_tls11_table;
|
||||||
PLHashTable* host_tls12_table;
|
PLHashTable* host_tls12_table;
|
||||||
PLHashTable* host_tls13_table;
|
PLHashTable* host_tls13_table;
|
||||||
PLHashTable* host_3des_table;
|
PLHashTable* host_rc4_table;
|
||||||
PLHashTable* host_failhandshake_table;
|
PLHashTable* host_failhandshake_table;
|
||||||
};
|
};
|
||||||
|
|
||||||
@ -245,7 +245,7 @@ void SignalShutdown() {
|
|||||||
// available flags
|
// available flags
|
||||||
enum {
|
enum {
|
||||||
USE_SSL3 = 1 << 0,
|
USE_SSL3 = 1 << 0,
|
||||||
USE_3DES = 1 << 1,
|
USE_RC4 = 1 << 1,
|
||||||
FAIL_HANDSHAKE = 1 << 2,
|
FAIL_HANDSHAKE = 1 << 2,
|
||||||
USE_TLS1 = 1 << 3,
|
USE_TLS1 = 1 << 3,
|
||||||
USE_TLS1_1 = 1 << 4,
|
USE_TLS1_1 = 1 << 4,
|
||||||
@ -306,8 +306,8 @@ bool ReadConnectRequest(server_info_t* server_info, relayBuffer& buffer,
|
|||||||
*flags |= USE_SSL3;
|
*flags |= USE_SSL3;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PL_HashTableLookup(server_info->host_3des_table, token)) {
|
if (PL_HashTableLookup(server_info->host_rc4_table, token)) {
|
||||||
*flags |= USE_3DES;
|
*flags |= USE_RC4;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (PL_HashTableLookup(server_info->host_tls1_table, token)) {
|
if (PL_HashTableLookup(server_info->host_tls1_table, token)) {
|
||||||
@ -444,13 +444,20 @@ bool ConfigureSSLServerSocket(PRFileDesc* socket, server_info_t* si,
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (flags & USE_3DES) {
|
if (flags & USE_RC4) {
|
||||||
for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
|
for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
|
||||||
uint16_t cipher_id = SSL_ImplementedCiphers[i];
|
uint16_t cipher_id = SSL_ImplementedCiphers[i];
|
||||||
if (cipher_id == TLS_RSA_WITH_3DES_EDE_CBC_SHA) {
|
switch (cipher_id) {
|
||||||
SSL_CipherPrefSet(ssl_socket, cipher_id, true);
|
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA:
|
||||||
} else {
|
case TLS_ECDHE_RSA_WITH_RC4_128_SHA:
|
||||||
SSL_CipherPrefSet(ssl_socket, cipher_id, false);
|
case TLS_RSA_WITH_RC4_128_SHA:
|
||||||
|
case TLS_RSA_WITH_RC4_128_MD5:
|
||||||
|
SSL_CipherPrefSet(ssl_socket, cipher_id, true);
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
SSL_CipherPrefSet(ssl_socket, cipher_id, false);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -765,7 +772,7 @@ void HandleConnection(void* data) {
|
|||||||
match_hostname, &match);
|
match_hostname, &match);
|
||||||
PL_HashTableEnumerateEntries(ci->server_info->host_tls13_table,
|
PL_HashTableEnumerateEntries(ci->server_info->host_tls13_table,
|
||||||
match_hostname, &match);
|
match_hostname, &match);
|
||||||
PL_HashTableEnumerateEntries(ci->server_info->host_3des_table,
|
PL_HashTableEnumerateEntries(ci->server_info->host_rc4_table,
|
||||||
match_hostname, &match);
|
match_hostname, &match);
|
||||||
PL_HashTableEnumerateEntries(
|
PL_HashTableEnumerateEntries(
|
||||||
ci->server_info->host_failhandshake_table, match_hostname,
|
ci->server_info->host_failhandshake_table, match_hostname,
|
||||||
@ -1036,8 +1043,8 @@ PLHashTable* get_tls13_table(server_info_t* server) {
|
|||||||
return server->host_tls13_table;
|
return server->host_tls13_table;
|
||||||
}
|
}
|
||||||
|
|
||||||
PLHashTable* get_3des_table(server_info_t* server) {
|
PLHashTable* get_rc4_table(server_info_t* server) {
|
||||||
return server->host_3des_table;
|
return server->host_rc4_table;
|
||||||
}
|
}
|
||||||
|
|
||||||
PLHashTable* get_failhandshake_table(server_info_t* server) {
|
PLHashTable* get_failhandshake_table(server_info_t* server) {
|
||||||
@ -1253,11 +1260,11 @@ int processConfigLine(char* configLine) {
|
|||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
server.host_3des_table =
|
server.host_rc4_table =
|
||||||
PL_NewHashTable(0, PL_HashString, PL_CompareStrings,
|
PL_NewHashTable(0, PL_HashString, PL_CompareStrings,
|
||||||
PL_CompareStrings, nullptr, nullptr);
|
PL_CompareStrings, nullptr, nullptr);
|
||||||
;
|
;
|
||||||
if (!server.host_3des_table) {
|
if (!server.host_rc4_table) {
|
||||||
LOG_ERROR(("Internal, could not create hash table\n"));
|
LOG_ERROR(("Internal, could not create hash table\n"));
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
@ -1405,8 +1412,8 @@ int processConfigLine(char* configLine) {
|
|||||||
return parseWeakCryptoConfig(keyword, _caret, get_tls13_table);
|
return parseWeakCryptoConfig(keyword, _caret, get_tls13_table);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!strcmp(keyword, "3des")) {
|
if (!strcmp(keyword, "rc4")) {
|
||||||
return parseWeakCryptoConfig(keyword, _caret, get_3des_table);
|
return parseWeakCryptoConfig(keyword, _caret, get_rc4_table);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!strcmp(keyword, "failHandshake")) {
|
if (!strcmp(keyword, "failHandshake")) {
|
||||||
@ -1500,7 +1507,7 @@ int freeTLSHashItems(PLHashEntry* he, int i, void* arg) {
|
|||||||
return HT_ENUMERATE_REMOVE;
|
return HT_ENUMERATE_REMOVE;
|
||||||
}
|
}
|
||||||
|
|
||||||
int free3DESHashItems(PLHashEntry* he, int i, void* arg) {
|
int freeRC4HashItems(PLHashEntry* he, int i, void* arg) {
|
||||||
delete[](char*) he->key;
|
delete[](char*) he->key;
|
||||||
return HT_ENUMERATE_REMOVE;
|
return HT_ENUMERATE_REMOVE;
|
||||||
}
|
}
|
||||||
@ -1655,10 +1662,10 @@ int main(int argc, char** argv) {
|
|||||||
nullptr);
|
nullptr);
|
||||||
PL_HashTableEnumerateEntries(server.host_tls13_table, freeTLSHashItems,
|
PL_HashTableEnumerateEntries(server.host_tls13_table, freeTLSHashItems,
|
||||||
nullptr);
|
nullptr);
|
||||||
PL_HashTableEnumerateEntries(server.host_3des_table, free3DESHashItems,
|
PL_HashTableEnumerateEntries(server.host_rc4_table, freeRC4HashItems,
|
||||||
nullptr);
|
nullptr);
|
||||||
PL_HashTableEnumerateEntries(server.host_failhandshake_table,
|
PL_HashTableEnumerateEntries(server.host_failhandshake_table,
|
||||||
free3DESHashItems, nullptr);
|
freeRC4HashItems, nullptr);
|
||||||
PL_HashTableDestroy(server.host_cert_table);
|
PL_HashTableDestroy(server.host_cert_table);
|
||||||
PL_HashTableDestroy(server.host_clientauth_table);
|
PL_HashTableDestroy(server.host_clientauth_table);
|
||||||
PL_HashTableDestroy(server.host_redir_table);
|
PL_HashTableDestroy(server.host_redir_table);
|
||||||
@ -1667,7 +1674,7 @@ int main(int argc, char** argv) {
|
|||||||
PL_HashTableDestroy(server.host_tls11_table);
|
PL_HashTableDestroy(server.host_tls11_table);
|
||||||
PL_HashTableDestroy(server.host_tls12_table);
|
PL_HashTableDestroy(server.host_tls12_table);
|
||||||
PL_HashTableDestroy(server.host_tls13_table);
|
PL_HashTableDestroy(server.host_tls13_table);
|
||||||
PL_HashTableDestroy(server.host_3des_table);
|
PL_HashTableDestroy(server.host_rc4_table);
|
||||||
PL_HashTableDestroy(server.host_failhandshake_table);
|
PL_HashTableDestroy(server.host_failhandshake_table);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
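Review bot: Both `SSL_CipherPrefSet` calls in the `USE_RC4` switch discard their return value. If enabling an RC4 suite or disabling another one fails, the test server ends up with a cipher set that differs from what the `rc4` host flag promises, and the failure is not reported. The function already returns `false` on an earlier failure, so the status can be checked the same way, e.g. `if (SSL_CipherPrefSet(ssl_socket, cipher_id, true) != SECSuccess) return false;`, with the same check in the `default:` arm. `ConfigureSSLServerSocket` starts and ends outside this hunk.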