Reinstate RC4 and mark 3DES weak.

Tag #709
author: wolfbeast <mcwerewolf@gmail.com> 2018-08-17 06:39:04 +0200
committer: wolfbeast <mcwerewolf@gmail.com> 2018-08-17 06:39:04 +0200
commit: 26debee73392b4d138663204b343c8ca805e6b3f (patch)
tree: d1f48ecf7622be17adab45585f36dd20925b1e69 /security
parent: df852120098dc7ba5df4a76126c6297c6d2d1b7b (diff)
download: uxp-26debee73392b4d138663204b343c8ca805e6b3f.tar.gz
1 files changed, 7 insertions, 1 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index acaf9da903..69b36d85f1 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1376,12 +1376,18 @@ static const CipherPref sCipherPrefs[] = {
    TLS_RSA_WITH_AES_256_CBC_SHA, true },
 
 // Expensive/deprecated/weak
+// Deprecated
  { "security.ssl3.rsa_aes_128_gcm_sha256",
    TLS_RSA_WITH_AES_128_GCM_SHA256, false }, // Deprecated
  { "security.ssl3.rsa_aes_128_sha256",
    TLS_RSA_WITH_AES_128_CBC_SHA256, false }, // Deprecated
+// Weak/vulnerable
  { "security.ssl3.rsa_des_ede3_sha",
-   TLS_RSA_WITH_3DES_EDE_CBC_SHA, false }, // Weak (3DES)
+   TLS_RSA_WITH_3DES_EDE_CBC_SHA, false, true }, // Weak (3DES)
+ { "security.ssl3.rsa_rc4_128_sha",
+   TLS_RSA_WITH_RC4_128_SHA, false, true }, // RC4
+ { "security.ssl3.rsa_rc4_128_md5",
+   TLS_RSA_WITH_RC4_128_MD5, false, true }, // RC4, HMAC-MD5
 
  // All the rest are disabled
author	wolfbeast <mcwerewolf@gmail.com>	2018-08-17 06:39:04 +0200
committer	wolfbeast <mcwerewolf@gmail.com>	2018-08-17 06:39:04 +0200
commit	26debee73392b4d138663204b343c8ca805e6b3f (patch)
tree	d1f48ecf7622be17adab45585f36dd20925b1e69 /security
parent	df852120098dc7ba5df4a76126c6297c6d2d1b7b (diff)
download	uxp-26debee73392b4d138663204b343c8ca805e6b3f.tar.gz