Magic-Mirror/gecko-dev
1
0
Fork 0
mirror of https://github.com/mozilla/gecko-dev.git synced 2024-12-04 02:57:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Bug 1207137 - Set a security state flag when weak crypto override is needed. r=keeler

Browse Source
This commit is contained in:
Masatoshi Kimura 2015-10-17 09:38:30 +09:00
parent 022d2f58de
commit 82af783064
1 changed files with 14 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
security/manager/ssl/nsNSSIOLayer.cpp
View File

@ -1111,15 +1111,21 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
if ((err == SSL_ERROR_NO_CYPHER_OVERLAP || err == PR_END_OF_FILE_ERROR ||
err == PR_CONNECT_RESET_ERROR) &&
(!fallbackLimitReached || helpers.mUnrestrictedRC4Fallback) &&
nsNSSComponent::AreAnyWeakCiphersEnabled()) {
if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
socketInfo->GetPort(), err)) {
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
tlsIntoleranceTelemetryBucket(err));
return true;
nsNSSComponent::AreAnyWeakCiphersEnabled()) {
if (!fallbackLimitReached || helpers.mUnrestrictedRC4Fallback) {
if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
socketInfo->GetPort(), err)) {
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
tlsIntoleranceTelemetryBucket(err));
return true;
}
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
} else if (err == SSL_ERROR_NO_CYPHER_OVERLAP) {
// Indicate that the override UI should be shown.
socketInfo->SetSecurityState(
nsIWebProgressListener::STATE_IS_INSECURE |
nsIWebProgressListener::STATE_USES_WEAK_CRYPTO);
}
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
}
// When not using a proxy we'll see a connection reset error.