mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-24 21:31:04 +00:00
2a64c08522
Chrome has removed 3DES completely[0], but we're still seeing some uses of it in telemetry. Our assumption is that this is either due to old devices that can't be upgraded, and hence probably use TLS 1.0, or servers that bafflingly choose 3DES when there are other, better, ciphersuites in common. This patch allows 3DES to only be enabled when deprecated versions of TLS are enabled. This should protect users against the latter case (where 3DES is unnecessary) while allowing them to use it in the former case (where it may be necessary). NB: The only 3DES ciphersuite gecko makes possible to enable is TLS_RSA_WITH_3DES_EDE_CBC_SHA. This patch also changes the preference corresponding to this ciphersuite from "security.ssl3.rsa_des_ede3_sha" to "security.ssl3.deprecated.rsa_des_ede3_sha". [0] https://www.chromestatus.com/feature/6678134168485888 Differential Revision: https://phabricator.services.mozilla.com/D121797 |
||
|---|---|---|
| .. | ||
| apps | ||
| certverifier | ||
| ct | ||
| mac/hardenedruntime | ||
| manager | ||
| nss | ||
| rlbox | ||
| sandbox | ||
| .eslintrc.js | ||
| generate_certdata.py | ||
| generate_mapfile.py | ||
| moz.build | ||
| nss.symbols | ||