bug 1195434 - specify what signature schemes the platform will actually accept in TLS handshakes r?mt
MozReview-Commit-ID: A3T4EgEfcfy
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -687,16 +687,17 @@ SSL_SetCanFalseStartCallback
SSL_SetDowngradeCheckVersion
SSL_SetNextProtoNego
SSL_SetPKCS11PinArg
SSL_SetSockPeerID
SSL_SetSRTPCiphers
SSL_SetStapledOCSPResponses
SSL_SetURL
SSL_ShutdownServerSessionIDCache
+SSL_SignatureSchemePrefSet
SSL_SNISocketConfigHook
SSL_VersionRangeGet
SSL_VersionRangeGetDefault
SSL_VersionRangeGetSupported
SSL_VersionRangeSet
SSL_VersionRangeSetDefault
UTIL_SetForkState
VFY_Begin
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2442,16 +2442,30 @@ nsSSLIOLayerImportFD(PRFileDesc* fd,
return sslSock;
loser:
if (sslSock) {
PR_Close(sslSock);
}
return nullptr;
}
+static const SSLSignatureScheme sEnabledSignatureSchemes[] = {
+ ssl_sig_ecdsa_secp256r1_sha256,
+ ssl_sig_ecdsa_secp384r1_sha384,
+ ssl_sig_ecdsa_secp521r1_sha512,
+ ssl_sig_rsa_pss_sha256,
+ ssl_sig_rsa_pss_sha384,
+ ssl_sig_rsa_pss_sha512,
+ ssl_sig_rsa_pkcs1_sha256,
+ ssl_sig_rsa_pkcs1_sha384,
+ ssl_sig_rsa_pkcs1_sha512,
+ ssl_sig_ecdsa_sha1,
+ ssl_sig_rsa_pkcs1_sha1,
+};
+
static nsresult
nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
bool haveProxy, const char* host, int32_t port,
nsNSSSocketInfo* infoObject)
{
nsNSSShutDownPreventionLock locker;
if (forSTARTTLS || haveProxy) {
if (SECSuccess != SSL_OptionSet(fd, SSL_SECURITY, false)) {
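Review bot: sEnabledSignatureSchemes encodes two policy decisions without a word of explanation: the preference order (ECDSA, then RSA-PSS, then RSA PKCS#1, each strongest hash first) and the presence of the SHA-1 schemes `ssl_sig_ecdsa_sha1` and `ssl_sig_rsa_pkcs1_sha1` at the tail. Since the same array is passed to SSL_SignatureSchemePrefSet in the second hunk, it presumably governs both what is advertised in signature_algorithms and what handshake signatures are accepted from the peer, so anyone auditing SHA-1 exposure will land on this list and find no rationale or removal criterion. Add a header comment along the lines of `// Signature schemes offered in signature_algorithms and accepted from the peer, in preference order. The SHA-1 entries are kept last for compatibility with peers that cannot sign with anything stronger; drop them once that is no longer needed.`, adjusting the compatibility claim to the actual reason. Given that neighbouring options in this function are driven by SharedState() prefs, consider whether the SHA-1 entries should likewise be switchable without a rebuild. The array definition is complete here, but nsSSLIOLayerSetOptions, which starts at the end of this hunk, continues beyond it.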
@@ -2511,16 +2525,21 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
return NS_ERROR_FAILURE;
}
// This ensures that we send key shares for X25519 and P-256 in TLS 1.3, so
// that servers are less likely to use HelloRetryRequest.
if (SECSuccess != SSL_SendAdditionalKeyShares(fd, 1)) {
return NS_ERROR_FAILURE;
}
+ if (SECSuccess != SSL_SignatureSchemePrefSet(fd, sEnabledSignatureSchemes,
+ mozilla::ArrayLength(sEnabledSignatureSchemes))) {
+ return NS_ERROR_FAILURE;
+ }
+
bool enabled = infoObject->SharedState().IsOCSPStaplingEnabled();
if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
return NS_ERROR_FAILURE;
}
bool sctsEnabled = infoObject->SharedState().IsSignedCertTimestampsEnabled();
if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SIGNED_CERT_TIMESTAMPS,
sctsEnabled)) {