Bug 1286694 - Part 2: Add TLS version configuration function to nsITLSServerSocket. r?dragana
MozReview-Commit-ID: CNiDXV9Um27
--- a/netwerk/base/TLSServerSocket.cpp
+++ b/netwerk/base/TLSServerSocket.cpp
@@ -240,16 +240,33 @@ TLSServerSocket::SetCipherSuites(uint16_
if (SSL_CipherPrefSet(mFD, aCipherSuites[i], true) != SECSuccess) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
}
return NS_OK;
}
+NS_IMETHODIMP
+TLSServerSocket::SetVersionRange(uint16_t aMinVersion, uint16_t aMaxVersion)
+{
+ // If AsyncListen was already called (and set mListener), it's too late to set
+ // this.
+ if (NS_WARN_IF(mListener)) {
+ return NS_ERROR_IN_PROGRESS;
+ }
+
+ SSLVersionRange range = {aMinVersion, aMaxVersion};
+ if (SSL_VersionRangeSet(mFD, &range) != SECSuccess) {
+ return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
+ }
+
+ return NS_OK;
+}
+
//-----------------------------------------------------------------------------
// TLSServerConnectionInfo
//-----------------------------------------------------------------------------
namespace {
class TLSServerSecurityObserverProxy final : public nsITLSServerSecurityObserver
{
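Review bot: `SetVersionRange` hands `aMinVersion` and `aMaxVersion` to `SSL_VersionRangeSet` without any check of its own, so an inverted range, or a floor lowered to a deprecated protocol version, is stopped only by whatever NSS and its policy settings reject. I would add `if (NS_WARN_IF(aMinVersion > aMaxVersion)) { return NS_ERROR_INVALID_ARG; }` before `range` is built, so callers get a clear error rather than a mapped NSS code. A comment above the `SSL_VersionRangeSet` call should state that the call can widen the enabled range as well as narrow it, for example `// Caller-supplied range replaces the socket default; NSS decides which versions are actually permitted.` Allowing a server to lower the minimum is presumably intended, but it should be an explicit, documented decision.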
--- a/netwerk/base/nsITLSServerSocket.idl
+++ b/netwerk/base/nsITLSServerSocket.idl
@@ -64,16 +64,28 @@ interface nsITLSServerSocket : nsIServer
/**
* setCipherSuites
*
* The server's cipher suites that is used by the TLS handshake.
* This is required to be set before calling |asyncListen|.
*/
void setCipherSuites([array, size_is(aLength)] in unsigned short aCipherSuites,
in unsigned long aLength);
+
+ /**
+ * setVersionRange
+ *
+ * The server's TLS versions that is used by the TLS handshake.
+ * This is required to be set before calling |asyncListen|.
+ *
+ * aMinVersion and aMaxVersion is a TLS version value from
+ * |nsITLSClientStatus| constants.
+ */
+ void setVersionRange(in unsigned short aMinVersion,
+ in unsigned short aMaxVersion);
};
/**
* Security summary for a given TLS client connection being handled by a
* |nsITLSServerSocket| server.
*
* This is accessible through the security info object on the transport, which
* will be an instance of |nsITLSServerConnectionInfo| (see below).
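Review bot: The doc comment on `setVersionRange` says the range "is required to be set before calling |asyncListen|", which reads as mandatory. The implementation in TLSServerSocket.cpp only rejects calls made once a listener is set. Suggested wording: `* Optional. If used, it must be called before |asyncListen|; later calls fail with NS_ERROR_IN_PROGRESS.` The comment should also say whether both bounds are inclusive, that aMinVersion must not exceed aMaxVersion, and what error a caller sees for a value that is not a supported version. Whether a default range applies when the method is never called is not visible in this patch and is worth stating too.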