Bug 1304926 - Enable specific named groups, r?keeler
MozReview-Commit-ID: KIe6D9iRAXt
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -676,16 +676,17 @@ SSL_ImportFD
SSL_NamedGroupConfig
SSL_NumImplementedCiphers @DATA@
SSL_OptionSet
SSL_OptionSetDefault
SSL_PeerCertificate
SSL_PeerCertificateChain
SSL_PeerStapledOCSPResponses
SSL_ResetHandshake
+SSL_SendAdditionalKeyShares
SSL_SetCanFalseStartCallback
SSL_SetDowngradeCheckVersion
SSL_SetNextProtoNego
SSL_SetPKCS11PinArg
SSL_SetSockPeerID
SSL_SetSRTPCiphers
SSL_SetStapledOCSPResponses
SSL_SetURL
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2487,16 +2487,31 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
}
}
// tell NSS the max enabled version to make anti-downgrade effective
if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
return NS_ERROR_FAILURE;
}
}
+ // Include a modest set of named groups.
+ const SSLNamedGroup namedGroups[] = {
+ ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
+ ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072
+ };
+ if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups,
+ mozilla::ArrayLength(namedGroups))) {
+ return NS_ERROR_FAILURE;
+ }
+ // This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so
+ // that servers are less likely to use HelloRetryRequest.
+ if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 2)) {
+ return NS_ERROR_FAILURE;
+ }
+
bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled();
if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
return NS_ERROR_FAILURE;
}
if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) {
return NS_ERROR_FAILURE;
}