author Masatoshi Kimura <VYV03354@nifty.ne.jp>

Sat, 17 Dec 2016 12:32:58 +0900

changeset 450607 8eb7672df5bbca621616f9093b2127ae13c4b2e7

parent 450591 34a1ab064cb5b868fa75cb74d052e978eb34d6c1

child 539807 ea26b2f342ee466247b2036832561062b66400b6

push id 38921

push user VYV03354@nifty.ne.jp

push date Sat, 17 Dec 2016 09:06:17 +0000

reviewers keeler

bugs 1316300

milestone 53.0a1

security/manager/ssl/nsNSSIOLayer.cpp file | annotate | diff | comparison | revisions
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2397,16 +2397,21 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
       }
     }
     // tell NSS the max enabled version to make anti-downgrade effective
     if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
       return NS_ERROR_FAILURE;
     }
   }
 
+  if (range.max > SSL_LIBRARY_VERSION_TLS_1_2) {
+    SSL_CipherPrefSet(fd, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, false);
+    SSL_CipherPrefSet(fd, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, false);
+  }
+
   // Include a modest set of named groups.
   const SSLNamedGroup namedGroups[] = {
     ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
     ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072
   };
   if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups,
                                          mozilla::ArrayLength(namedGroups))) {
     return NS_ERROR_FAILURE;
author	Masatoshi Kimura <VYV03354@nifty.ne.jp>
	Sat, 17 Dec 2016 12:32:58 +0900
changeset 450607	8eb7672df5bbca621616f9093b2127ae13c4b2e7
parent 450591	34a1ab064cb5b868fa75cb74d052e978eb34d6c1
child 539807	ea26b2f342ee466247b2036832561062b66400b6
push id	38921
push user	VYV03354@nifty.ne.jp
push date	Sat, 17 Dec 2016 09:06:17 +0000
reviewers	keeler
bugs	1316300
milestone	53.0a1