Bug 1316300 - Remove ECDSA_CBC cipher suites from TLS 1.3 ClientHello. r?keeler
Because we enabled TLS 1.3 by default and removed the weak cipher suite fallback machinery, this is the simplest change to hide ECDSA_CBC behind fallback and measure the impact of removal.
MozReview-Commit-ID: G5gDKEid5XB
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2397,16 +2397,21 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
}
}
// tell NSS the max enabled version to make anti-downgrade effective
if (SECSuccess != SSL_SetDowngradeCheckVersion(fd, maxEnabledVersion)) {
return NS_ERROR_FAILURE;
}
}
+ if (range.max > SSL_LIBRARY_VERSION_TLS_1_2) {
+ SSL_CipherPrefSet(fd, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, false);
+ SSL_CipherPrefSet(fd, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, false);
+ }
+
// Include a modest set of named groups.
const SSLNamedGroup namedGroups[] = {
ssl_grp_ec_curve25519, ssl_grp_ec_secp256r1, ssl_grp_ec_secp384r1,
ssl_grp_ec_secp521r1, ssl_grp_ffdhe_2048, ssl_grp_ffdhe_3072
};
if (SECSuccess != SSL_NamedGroupConfig(fd, namedGroups,
mozilla::ArrayLength(namedGroups))) {
return NS_ERROR_FAILURE;