Enable Camellia FS cipher suites by default.

Exception to the DHE rule because of lack of ECDHE for Camellia in NSS, offering Forward Secrecy with Camellia that would otherwise not be possible.

1 files changed, 2 insertions, 2 deletions

diff --git a/netwerk/base/security-prefs.js b/netwerk/base/security-prefs.js
index 0447591a5..b787297ae 100644
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -36,6 +36,8 @@ pref("security.ssl3.ecdhe_rsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_128_sha", true);
 pref("security.ssl3.ecdhe_rsa_aes_256_sha", true);
 pref("security.ssl3.ecdhe_ecdsa_aes_256_sha", true);
+pref("security.ssl3.dhe_rsa_camellia_128_sha", true); //FS Camellia
+pref("security.ssl3.dhe_rsa_camellia_256_sha", true); //FS Camellia
 pref("security.ssl3.rsa_aes_256_gcm_sha384", true);
 pref("security.ssl3.rsa_aes_256_sha256", true);
 pref("security.ssl3.rsa_aes_128_gcm_sha256", false);
@@ -56,9 +58,7 @@ pref("security.ssl3.dhe_dss_camellia_128_sha", false); //DHE+DSS
 pref("security.ssl3.dhe_dss_aes_128_sha", false);      //DHE+DSS
 pref("security.ssl3.dhe_dss_aes_256_sha", false);      //DHE+DSS
 pref("security.ssl3.dhe_rsa_aes_128_sha", false);      //DHE+RSA
-pref("security.ssl3.dhe_rsa_camellia_128_sha", false); //DHE+RSA
 pref("security.ssl3.dhe_rsa_aes_256_sha", false);      //DHE+RSA
-pref("security.ssl3.dhe_rsa_camellia_256_sha", false); //DHE+RSA
 pref("security.ssl3.ecdh_ecdsa_aes_256_sha", false);   //Non-ephemeral
 pref("security.ssl3.ecdh_ecdsa_aes_128_sha", false);   //Non-ephemeral
 pref("security.ssl3.ecdh_ecdsa_des_ede3_sha", false);  //Non-ephemeral,3DES