Bug 1248198 - Remove the "security.ssl.enable_npn" pref. r=keeler,mcmanus
MozReview-Commit-ID: J6nYmNAipyL
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -9,17 +9,16 @@ pref("security.tls.insecure_fallback_hos
pref("security.tls.unrestricted_rc4_fallback", false);
pref("security.tls.enable_0rtt_data", false);
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
pref("security.ssl.require_safe_negotiation", false);
pref("security.ssl.enable_ocsp_stapling", true);
pref("security.ssl.enable_false_start", true);
pref("security.ssl.false_start.require-npn", false);
-pref("security.ssl.enable_npn", true);
pref("security.ssl.enable_alpn", true);
pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);
pref("security.ssl3.ecdhe_ecdsa_aes_128_gcm_sha256", true);
pref("security.ssl3.ecdhe_ecdsa_chacha20_poly1305_sha256", true);
pref("security.ssl3.ecdhe_rsa_chacha20_poly1305_sha256", true);
pref("security.ssl3.ecdhe_ecdsa_aes_256_gcm_sha384", true);
pref("security.ssl3.ecdhe_rsa_aes_256_gcm_sha384", true);
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1424,17 +1424,16 @@ nsNSSComponent::FillTLSVersionRange(SSLV
// fill out rangeOut
rangeOut.min = (uint16_t) minFromPrefs;
rangeOut.max = (uint16_t) maxFromPrefs;
}
static const int32_t OCSP_ENABLED_DEFAULT = 1;
static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false;
static const bool FALSE_START_ENABLED_DEFAULT = true;
-static const bool NPN_ENABLED_DEFAULT = true;
static const bool ALPN_ENABLED_DEFAULT = false;
static const bool ENABLED_0RTT_DATA_DEFAULT = false;
static void
ConfigureTLSSessionIdentifiers()
{
bool disableSessionIdentifiers =
Preferences::GetBool("security.ssl.disable_session_identifiers", false);
@@ -1880,23 +1879,20 @@ nsNSSComponent::InitializeNSS()
SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN);
SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true);
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
Preferences::GetBool("security.ssl.enable_false_start",
FALSE_START_ENABLED_DEFAULT));
- // SSL_ENABLE_NPN and SSL_ENABLE_ALPN also require calling
- // SSL_SetNextProtoNego in order for the extensions to be negotiated.
- // WebRTC does not do that so it will not use NPN or ALPN even when these
- // preferences are true.
- SSL_OptionSetDefault(SSL_ENABLE_NPN,
- Preferences::GetBool("security.ssl.enable_npn",
- NPN_ENABLED_DEFAULT));
+ // SSL_ENABLE_ALPN also requires calling SSL_SetNextProtoNego in order for
+ // the extensions to be negotiated.
+ // WebRTC does not do that so it will not use ALPN even when this preference
+ // is true.
SSL_OptionSetDefault(SSL_ENABLE_ALPN,
Preferences::GetBool("security.ssl.enable_alpn",
ALPN_ENABLED_DEFAULT));
SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
Preferences::GetBool("security.tls.enable_0rtt_data",
ENABLED_0RTT_DATA_DEFAULT));
@@ -2091,20 +2087,16 @@ nsNSSComponent::Observe(nsISupports* aSu
bool requireSafeNegotiation =
Preferences::GetBool("security.ssl.require_safe_negotiation",
REQUIRE_SAFE_NEGOTIATION_DEFAULT);
SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
} else if (prefName.EqualsLiteral("security.ssl.enable_false_start")) {
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
Preferences::GetBool("security.ssl.enable_false_start",
FALSE_START_ENABLED_DEFAULT));
- } else if (prefName.EqualsLiteral("security.ssl.enable_npn")) {
- SSL_OptionSetDefault(SSL_ENABLE_NPN,
- Preferences::GetBool("security.ssl.enable_npn",
- NPN_ENABLED_DEFAULT));
} else if (prefName.EqualsLiteral("security.ssl.enable_alpn")) {
SSL_OptionSetDefault(SSL_ENABLE_ALPN,
Preferences::GetBool("security.ssl.enable_alpn",
ALPN_ENABLED_DEFAULT));
} else if (prefName.EqualsLiteral("security.tls.enable_0rtt_data")) {
SSL_OptionSetDefault(SSL_ENABLE_0RTT_DATA,
Preferences::GetBool("security.tls.enable_0rtt_data",
ENABLED_0RTT_DATA_DEFAULT));