Update to NSS 3.21
- Package listsuites as part of the unsupported tools set - Resolves: Bug 1279912 - nss-3.21 is available - Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit - Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
This commit is contained in:
parent
81b37a0f74
commit
812b611b7b
|
@ -10,4 +10,4 @@ TestUser51.cert
|
|||
/nss-pem-20140125.tar.bz2
|
||||
/PayPalRootCA.cert
|
||||
/PayPalICA.cert
|
||||
/nss-3.20.1.tar.gz
|
||||
/nss-3.21.0.tar.gz
|
||||
|
|
|
@ -1,11 +1,9 @@
|
|||
diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
|
||||
--- nss/cmd/httpserv/httpserv.c.539183 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/cmd/httpserv/httpserv.c 2013-05-30 22:16:46.685373471 -0700
|
||||
@@ -661,14 +661,18 @@ getBoundListenSocket(unsigned short port
|
||||
PRStatus prStatus;
|
||||
diff -up ./nss/cmd/httpserv/httpserv.c.539183 ./nss/cmd/httpserv/httpserv.c
|
||||
--- ./nss/cmd/httpserv/httpserv.c.539183 2015-11-08 21:12:59.000000000 -0800
|
||||
+++ ./nss/cmd/httpserv/httpserv.c 2015-11-12 13:28:01.574855325 -0800
|
||||
@@ -938,13 +938,13 @@ getBoundListenSocket(unsigned short port
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
+ PRUint16 socketDomain = PR_AF_INET;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
|
@ -15,9 +13,6 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
|
|||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ if (PR_GetEnv("NSS_USE_SDP")) {
|
||||
+ socketDomain = PR_AF_INET_SDP;
|
||||
+ }
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
|
@ -25,14 +20,12 @@ diff -up nss/cmd/httpserv/httpserv.c.539183 nss/cmd/httpserv/httpserv.c
|
|||
}
|
||||
|
||||
opt.option = PR_SockOpt_Nonblocking;
|
||||
diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c
|
||||
--- nss/cmd/selfserv/selfserv.c.539183 2013-05-28 14:43:24.000000000 -0700
|
||||
+++ nss/cmd/selfserv/selfserv.c 2013-05-30 22:16:46.688373495 -0700
|
||||
@@ -1687,14 +1687,18 @@ getBoundListenSocket(unsigned short port
|
||||
PRStatus prStatus;
|
||||
diff -up ./nss/cmd/selfserv/selfserv.c.539183 ./nss/cmd/selfserv/selfserv.c
|
||||
--- ./nss/cmd/selfserv/selfserv.c.539183 2015-11-08 21:12:59.000000000 -0800
|
||||
+++ ./nss/cmd/selfserv/selfserv.c 2015-11-12 13:26:40.498345875 -0800
|
||||
@@ -1707,13 +1707,13 @@ getBoundListenSocket(unsigned short port
|
||||
PRNetAddr addr;
|
||||
PRSocketOptionData opt;
|
||||
+ PRUint16 socketDomain = PR_AF_INET;
|
||||
|
||||
- addr.inet.family = PR_AF_INET;
|
||||
- addr.inet.ip = PR_INADDR_ANY;
|
||||
|
@ -42,9 +35,6 @@ diff -up nss/cmd/selfserv/selfserv.c.539183 nss/cmd/selfserv/selfserv.c
|
|||
+ }
|
||||
|
||||
- listen_sock = PR_NewTCPSocket();
|
||||
+ if (PR_GetEnv("NSS_USE_SDP")) {
|
||||
+ socketDomain = PR_AF_INET_SDP;
|
||||
+ }
|
||||
+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
|
||||
if (listen_sock == NULL) {
|
||||
- errExit("PR_NewTCPSocket");
|
||||
|
|
50
nss.spec
50
nss.spec
|
@ -18,7 +18,7 @@
|
|||
|
||||
Summary: Network Security Services
|
||||
Name: nss
|
||||
Version: 3.20.1
|
||||
Version: 3.21.0
|
||||
# for Rawhide, please always use release >= 2
|
||||
# for Fedora release branches, please use release < 2 (1.0, 1.1, ...)
|
||||
Release: 2%{?dist}
|
||||
|
@ -92,15 +92,17 @@ Patch52: disableSSL2libssl.patch
|
|||
Patch53: disableSSL2tests.patch
|
||||
Patch54: tstclnt-ssl2-off-by-default.patch
|
||||
Patch55: skip_stress_TLS_RC4_128_with_MD5.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=923089
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1009429
|
||||
# See https://hg.mozilla.org/projects/nss/raw-rev/dc7bb2f8cc50
|
||||
Patch56: ocsp_stapling_sslauth_sni_tests_client_side_fixes.patch
|
||||
# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1205688
|
||||
Patch57: rhbz1185708-enable-ecc-ciphers-by-default.patch
|
||||
# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers
|
||||
Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
|
||||
|
||||
# As of nss-3.21 we compile NSS with -Werror.
|
||||
# See https://bugzilla.mozilla.org/show_bug.cgi?id=1182667
|
||||
# This requires a cleanup of the PEM module as we have it here.
|
||||
# TODO: submit a variant to the interim nss-pem upstream project
|
||||
# Note that the submission will be quite different from this patch
|
||||
# as a cleanup there is already in progress there.
|
||||
Patch59: pem-compile-with-Werror.patch
|
||||
|
||||
%description
|
||||
Network Security Services (NSS) is a set of libraries designed to
|
||||
support cross-platform development of security-enabled client and
|
||||
|
@ -188,11 +190,8 @@ pushd nss
|
|||
popd
|
||||
%patch54 -p0 -b .ssl2_off
|
||||
%patch55 -p1 -b .skip_stress_tls_rc4_128_with_md5
|
||||
%patch56 -p1 -b .ocsp_sni
|
||||
pushd nss
|
||||
%patch57 -p1 -b .1185708
|
||||
popd
|
||||
%patch58 -p0 -b .1185708_3des
|
||||
%patch59 -p0 -b .compile_Werror
|
||||
|
||||
#########################################################
|
||||
# Higher-level libraries and test tools need access to
|
||||
|
@ -210,6 +209,10 @@ done
|
|||
%{__cp} ./nss/lib/softoken/lowkeyi.h ./nss/cmd/rsaperf
|
||||
%{__cp} ./nss/lib/softoken/lowkeyti.h ./nss/cmd/rsaperf
|
||||
|
||||
# Before removing util directory we must save verref.h
|
||||
# as it will be needed later during the build phase.
|
||||
%{__mv} ./nss/lib/util/verref.h ./nss/verref.h
|
||||
|
||||
##### Remove util/freebl/softoken and low level tools
|
||||
######## Remove freebl, softoken and util
|
||||
%{__rm} -rf ./nss/lib/freebl
|
||||
|
@ -285,7 +288,11 @@ export NSS_BUILD_WITHOUT_SOFTOKEN=1
|
|||
NSS_USE_SYSTEM_SQLITE=1
|
||||
export NSS_USE_SYSTEM_SQLITE
|
||||
|
||||
%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64
|
||||
# external tests are causing build problems because they access ssl internal types
|
||||
# TODO: Investigate as there may be a better solution
|
||||
export NSS_DISABLE_GTESTS=1
|
||||
|
||||
%if %{__isa_bits} == 64
|
||||
USE_64=1
|
||||
export USE_64
|
||||
%endif
|
||||
|
@ -301,6 +308,13 @@ export NSS_ECC_MORE_THAN_SUITE_B
|
|||
export NSS_BLTEST_NOT_AVAILABLE=1
|
||||
%{__make} -C ./nss/coreconf
|
||||
%{__make} -C ./nss/lib/dbm
|
||||
|
||||
# nss/nssinit.c, ssl/sslcon.c, smime/smimeutil.c and ckfw/builtins/binst.c
|
||||
# need nss/lib/util/verref.h which is which is exported privately,
|
||||
# copy the one we saved during prep so it they can find it.
|
||||
%{__mkdir_p} ./dist/private/nss
|
||||
%{__mv} ./nss/verref.h ./dist/private/nss/verref.h
|
||||
|
||||
%{__make} -C ./nss
|
||||
unset NSS_BLTEST_NOT_AVAILABLE
|
||||
|
||||
|
@ -389,7 +403,7 @@ export FREEBL_NO_DEPEND
|
|||
BUILD_OPT=1
|
||||
export BUILD_OPT
|
||||
|
||||
%ifarch x86_64 %{power64} ia64 s390x sparc64 aarch64
|
||||
%if %{__isa_bits} == 64
|
||||
USE_64=1
|
||||
export USE_64
|
||||
%endif
|
||||
|
@ -551,7 +565,7 @@ do
|
|||
done
|
||||
|
||||
# Copy the binaries we ship as unsupported
|
||||
for file in atob btoa derdump ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
for file in atob btoa derdump listsuites ocspclnt pp selfserv strsclnt symkeyutil tstclnt vfyserv vfychain
|
||||
do
|
||||
%{__install} -p -m 755 dist/*.OBJ/bin/$file $RPM_BUILD_ROOT/%{unsupported_tools_directory}
|
||||
done
|
||||
|
@ -702,6 +716,7 @@ fi
|
|||
%{unsupported_tools_directory}/atob
|
||||
%{unsupported_tools_directory}/btoa
|
||||
%{unsupported_tools_directory}/derdump
|
||||
%{unsupported_tools_directory}/listsuites
|
||||
%{unsupported_tools_directory}/ocspclnt
|
||||
%{unsupported_tools_directory}/pp
|
||||
%{unsupported_tools_directory}/selfserv
|
||||
|
@ -806,6 +821,13 @@ fi
|
|||
|
||||
|
||||
%changelog
|
||||
* Thu Nov 12 2015 Elio Maldonado Batiz <emaldona@redhat.com> - 3.21.1-2
|
||||
- Update to NSS 3.21
|
||||
- Package listsuites as part of the unsupported tools set
|
||||
- Resolves: Bug 1279912 - nss-3.21 is available
|
||||
- Resolves: Bug 1258425 - Use __isa_bits macro instead of list of 64-bit
|
||||
- Resolves: Bug 1280032 - Package listsuites as part of the nss unsupported tools set
|
||||
|
||||
* Fri Oct 30 2015 Elio Maldonado <emaldona@redhat.com> - 3.20.1-2
|
||||
- Update to NSS 3.20.1
|
||||
|
||||
|
|
|
@ -0,0 +1,191 @@
|
|||
diff -up ./nss/lib/ckfw/pem/ckpem.h.compile_Werror ./nss/lib/ckfw/pem/ckpem.h
|
||||
--- ./nss/lib/ckfw/pem/ckpem.h.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/ckpem.h 2015-11-12 06:59:07.831377167 -0800
|
||||
@@ -233,7 +233,7 @@ struct pemLOWKEYPrivateKeyStr {
|
||||
};
|
||||
typedef struct pemLOWKEYPrivateKeyStr pemLOWKEYPrivateKey;
|
||||
|
||||
-SECStatus ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly);
|
||||
+int ReadDERFromFile(SECItem ***derlist, char *filename, PRBool ascii, int *cipher, char **ivstring, PRBool certsonly, SECStatus *pError);
|
||||
const NSSItem * pem_FetchAttribute ( pemInternalObject *io, CK_ATTRIBUTE_TYPE type);
|
||||
void pem_PopulateModulusExponent(pemInternalObject *io);
|
||||
NSSCKMDObject * pem_CreateObject(NSSCKFWInstance *fwInstance, NSSCKFWSession *fwSession, NSSCKMDToken *mdToken, CK_ATTRIBUTE_PTR pTemplate, CK_ULONG ulAttributeCount, CK_RV *pError);
|
||||
diff -up ./nss/lib/ckfw/pem/pinst.c.compile_Werror ./nss/lib/ckfw/pem/pinst.c
|
||||
--- ./nss/lib/ckfw/pem/pinst.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/pinst.c 2015-11-12 06:59:07.831377167 -0800
|
||||
@@ -466,15 +466,17 @@ AddCertificate(char *certfile, char *key
|
||||
{
|
||||
pemInternalObject *o;
|
||||
CK_RV error = 0;
|
||||
+ SECStatus status;
|
||||
int objid, i;
|
||||
int nobjs = 0;
|
||||
SECItem **objs = NULL;
|
||||
char *ivstring = NULL;
|
||||
int cipher;
|
||||
|
||||
- nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||
+ nobjs = ReadDERFromFile(&objs, certfile, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */, &status);
|
||||
if (nobjs <= 0) {
|
||||
nss_ZFreeIf(objs);
|
||||
+ /* TODO: map the status to a CK_RV error */
|
||||
return CKR_GENERAL_ERROR;
|
||||
}
|
||||
|
||||
@@ -513,12 +515,14 @@ AddCertificate(char *certfile, char *key
|
||||
o = NULL;
|
||||
|
||||
if (keyfile) { /* add the private key */
|
||||
+ SECStatus status;
|
||||
SECItem **keyobjs = NULL;
|
||||
int kobjs = 0;
|
||||
kobjs =
|
||||
ReadDERFromFile(&keyobjs, keyfile, PR_TRUE, &cipher,
|
||||
- &ivstring, PR_FALSE);
|
||||
+ &ivstring, PR_FALSE, &status);
|
||||
if (kobjs < 1) {
|
||||
+ /* TODO: map the status to an error */
|
||||
error = CKR_GENERAL_ERROR;
|
||||
goto loser;
|
||||
}
|
||||
diff -up ./nss/lib/ckfw/pem/pobject.c.compile_Werror ./nss/lib/ckfw/pem/pobject.c
|
||||
--- ./nss/lib/ckfw/pem/pobject.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/pobject.c 2015-11-12 06:59:07.831377167 -0800
|
||||
@@ -630,6 +630,8 @@ pem_DestroyInternalObject
|
||||
if (io->u.key.ivstring)
|
||||
free(io->u.key.ivstring);
|
||||
break;
|
||||
+ case pemAll:
|
||||
+ return;
|
||||
}
|
||||
|
||||
if (NULL != gobj)
|
||||
@@ -1044,7 +1046,7 @@ pem_CreateObject
|
||||
int nobjs = 0;
|
||||
int i;
|
||||
int objid;
|
||||
- pemToken *token;
|
||||
+ /*pemToken *token = NULL;*/
|
||||
int cipher;
|
||||
char *ivstring = NULL;
|
||||
pemInternalObject *listObj = NULL;
|
||||
@@ -1073,7 +1075,7 @@ pem_CreateObject
|
||||
}
|
||||
slotID = nssCKFWSlot_GetSlotID(fwSlot);
|
||||
|
||||
- token = (pemToken *) mdToken->etc;
|
||||
+ /*token = (pemToken *) mdToken->etc;*/
|
||||
|
||||
/*
|
||||
* only create keys and certs.
|
||||
@@ -1114,7 +1116,10 @@ pem_CreateObject
|
||||
}
|
||||
|
||||
if (objClass == CKO_CERTIFICATE) {
|
||||
- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_TRUE /* certs only */);
|
||||
+ SECStatus status;
|
||||
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring,
|
||||
+ PR_TRUE /* certs only */, &status);
|
||||
+ /* TODO: How do we map status to *pError */
|
||||
if (nobjs < 1)
|
||||
goto loser;
|
||||
|
||||
@@ -1156,11 +1161,14 @@ pem_CreateObject
|
||||
} else if (objClass == CKO_PRIVATE_KEY) {
|
||||
/* Brute force: find the id of the certificate, if any, in this slot */
|
||||
int i;
|
||||
+ SECStatus status;
|
||||
SECItem certDER;
|
||||
CK_SESSION_HANDLE hSession;
|
||||
PRBool added;
|
||||
|
||||
- nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring, PR_FALSE /* keys only */);
|
||||
+ nobjs = ReadDERFromFile(&derlist, filename, PR_TRUE, &cipher, &ivstring,
|
||||
+ PR_FALSE /* keys only */, &status);
|
||||
+ /* TODO: How do we map status to *pError? */
|
||||
if (nobjs < 1)
|
||||
goto loser;
|
||||
|
||||
diff -up ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror ./nss/lib/ckfw/pem/rsawrapr.c
|
||||
--- ./nss/lib/ckfw/pem/rsawrapr.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/rsawrapr.c 2015-11-12 06:59:07.831377167 -0800
|
||||
@@ -93,6 +93,8 @@ pem_PublicModulusLen(NSSLOWKEYPublicKey
|
||||
return 0;
|
||||
}
|
||||
|
||||
+/* unused functions */
|
||||
+#if 0
|
||||
static SHA1Context *SHA1_CloneContext(SHA1Context * original)
|
||||
{
|
||||
SHA1Context *clone = NULL;
|
||||
@@ -215,6 +217,7 @@ oaep_xor_with_h2(unsigned char *salt, un
|
||||
|
||||
return SECSuccess;
|
||||
}
|
||||
+#endif /* unused functions */
|
||||
|
||||
/*
|
||||
* Format one block of data for public/private key encryption using
|
||||
diff -up ./nss/lib/ckfw/pem/util.c.compile_Werror ./nss/lib/ckfw/pem/util.c
|
||||
--- ./nss/lib/ckfw/pem/util.c.compile_Werror 2014-01-23 06:28:18.000000000 -0800
|
||||
+++ ./nss/lib/ckfw/pem/util.c 2015-11-12 06:59:07.831377167 -0800
|
||||
@@ -58,7 +58,7 @@
|
||||
#include <stdarg.h>
|
||||
|
||||
#define CHUNK_SIZE 512
|
||||
-#define PUT_Object(obj,err) \
|
||||
+#define PUT_Object(obj,pErr) \
|
||||
{ \
|
||||
if (count >= size) { \
|
||||
*derlist = *derlist ? \
|
||||
@@ -67,7 +67,7 @@
|
||||
nss_ZNEWARRAY(NULL, SECItem *, \
|
||||
(size+CHUNK_SIZE) ) ; \
|
||||
if ((SECItem **)NULL == *derlist) { \
|
||||
- err = CKR_HOST_MEMORY; \
|
||||
+ *pErr = CKR_HOST_MEMORY; \
|
||||
goto loser; \
|
||||
} \
|
||||
size += CHUNK_SIZE; \
|
||||
@@ -133,19 +133,20 @@ static SECStatus FileToItem(SECItem * ds
|
||||
|
||||
int
|
||||
ReadDERFromFile(SECItem *** derlist, char *filename, PRBool ascii,
|
||||
- int *cipher, char **ivstring, PRBool certsonly)
|
||||
+ int *cipher, char **ivstring, PRBool certsonly, SECStatus *pError)
|
||||
{
|
||||
SECStatus rv;
|
||||
PRFileDesc *inFile;
|
||||
int count = 0, size = 0;
|
||||
SECItem *der = NULL;
|
||||
- int error;
|
||||
SECItem filedata;
|
||||
char *c, *iv;
|
||||
|
||||
inFile = PR_Open(filename, PR_RDONLY, 0);
|
||||
- if (!inFile)
|
||||
+ if (!inFile) {
|
||||
+ *pError = SECFailure;
|
||||
return -1;
|
||||
+ }
|
||||
|
||||
if (ascii) {
|
||||
/* First convert ascii to binary */
|
||||
@@ -237,7 +238,7 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||
goto loser;
|
||||
}
|
||||
if ((certsonly && !key) || (!certsonly && key)) {
|
||||
- PUT_Object(der, error);
|
||||
+ PUT_Object(der, pError);
|
||||
} else {
|
||||
free(der->data);
|
||||
free(der);
|
||||
@@ -255,7 +256,7 @@ ReadDERFromFile(SECItem *** derlist, cha
|
||||
}
|
||||
|
||||
/* NOTE: This code path has never been tested. */
|
||||
- PUT_Object(der, error);
|
||||
+ PUT_Object(der, pError);
|
||||
}
|
||||
|
||||
nss_ZFreeIf(filedata.data);
|
|
@ -1,39 +0,0 @@
|
|||
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c
|
||||
--- a/lib/ssl/ssl3con.c
|
||||
+++ b/lib/ssl/ssl3con.c
|
||||
@@ -85,27 +85,27 @@ static SECStatus ssl3_AESGCMBypass(ssl3K
|
||||
*
|
||||
* Important: See bug 946147 before enabling, reordering, or adding any cipher
|
||||
* suites to this list.
|
||||
*/
|
||||
static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = {
|
||||
/* cipher_suite policy enabled isPresent */
|
||||
|
||||
#ifndef NSS_DISABLE_ECC
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
/* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA is out of order to work around
|
||||
* bug 946147.
|
||||
*/
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
+ { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
{ TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
||||
#endif /* NSS_DISABLE_ECC */
|
||||
|
||||
{ TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
|
||||
{ TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
|
2
sources
2
sources
|
@ -4,4 +4,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
|||
691e663ccc07b7a1eaa6f088e03bf8e2 blank-cert9.db
|
||||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
b8a94e863c852e1f8b75e930e76f8640 nss-pem-20140125.tar.bz2
|
||||
c285ef92de0031cb0a8caa60d396d618 nss-3.20.1.tar.gz
|
||||
f53ffa490133d29ff930fa4b29bade90 nss-3.21.0.tar.gz
|
||||
|
|
Loading…
Reference in New Issue