Renamed a source file and deleted the patch that it replaces.
parent
50d1896848
commit
f1288f2a53
|
@ -11,4 +11,4 @@ TestUser51.cert
|
|||
/PayPalRootCA.cert
|
||||
/PayPalICA.cert
|
||||
/nss-3.24.0.tar.gz
|
||||
/tests-data-adjust-for-policy.patch
|
||||
/adjust4policy.txt
|
||||
|
|
|
@ -1,15 +1,22 @@
|
|||
--- ./lib/nss/config.mk.ignore_system_policy 2016-06-08 20:25:58.841775044 -0700
|
||||
+++ ./lib/nss/config.mk 2016-06-08 20:27:06.507526784 -0700
|
||||
@@ -101,10 +101,12 @@
|
||||
# Export 'mktemp' to be backward compatible with NSS 3.2.x and 3.3.x
|
||||
# but do not put it in the import library. See bug 142575.
|
||||
DEFINES += -DWIN32_NSS3_DLL_COMPAT
|
||||
DLLFLAGS += -EXPORT:mktemp=nss_mktemp,PRIVATE
|
||||
endif
|
||||
endif
|
||||
|
||||
ifdef POLICY_FILE
|
||||
+ifndef NSS_IGNORE_SYSTEM_POLICY
|
||||
DEFINES += -DPOLICY_FILE=\"$(POLICY_FILE)\" -DPOLICY_PATH=\"$(POLICY_PATH)\"
|
||||
endif
|
||||
+endif
|
||||
--- ./lib/nss/nssinit.c.ignore_system_policy 2016-06-06 07:57:54.924457084 -0700
|
||||
+++ ./lib/nss/nssinit.c 2016-06-06 08:01:27.753830455 -0700
|
||||
@@ -678,17 +678,18 @@
|
||||
dbpath = NULL;
|
||||
}
|
||||
if (dbpath) {
|
||||
nss_FindExternalRoot(dbpath, secmodName);
|
||||
}
|
||||
}
|
||||
}
|
||||
#ifdef POLICY_FILE
|
||||
- if (PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS ) {
|
||||
+ if (!PR_GetEnvSecure("NSS_IGNORE_SYSTEM_POLICY") &&
|
||||
+ PR_Access(POLICY_PATH "/" POLICY_FILE, PR_ACCESS_READ_OK) == PR_SUCCESS) {
|
||||
SECMODModule *module = SECMOD_LoadModule(
|
||||
"name=\"Policy File\" "
|
||||
"parameters=\"configdir='sql:" POLICY_PATH "' "
|
||||
"secmod='" POLICY_FILE "' "
|
||||
"flags=readOnly,noCertDB,forceSecmodChoice,forceOpen\" "
|
||||
"NSS=\"flags=internal,moduleDB,skipFirst,moduleDBOnly,critical\"",
|
||||
parent, PR_TRUE);
|
||||
if (module) {
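Review bot: The new condition in the nssinit.c hunk uses the mere presence of NSS_IGNORE_SYSTEM_POLICY as the switch, so `NSS_IGNORE_SYSTEM_POLICY=0` or an empty value would also skip loading the "Policy File" module, because only the pointer returned by `PR_GetEnvSecure` is tested. The config.mk variant it replaces dropped `-DPOLICY_FILE` at build time, whereas this one makes the opt-out a run-time property of the shipped library: a process whose environment is caller-controlled can initialise NSS without the system crypto policy, with `PR_GetEnvSecure` (as far as I know) returning NULL only for processes running with elevated privileges. If that is intended (it looks like an aid for the test suite, which is not visible here), state it above the `if`, e.g. `/* NSS_IGNORE_SYSTEM_POLICY: any value, even empty, skips the system policy; not honoured in privileged processes (PR_GetEnvSecure). */`, and consider requiring an explicit value such as `1` rather than presence alone. The enclosing function starts and ends outside the hunk.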
|
||||
|
|
4
nss.spec
4
nss.spec
|
@ -71,7 +71,7 @@ Source25: key3.db.xml
|
|||
Source26: key4.db.xml
|
||||
Source27: secmod.db.xml
|
||||
# needs to be updated as we rebase and the system crypto policies evolve
|
||||
Source28: tests-data-adjust-for-policy.patch
|
||||
Source28: adjust4policy.txt
|
||||
|
||||
Patch2: add-relro-linker-option.patch
|
||||
Patch3: renegotiate-transitional.patch
|
||||
|
@ -492,7 +492,7 @@ pushd ./nss/tests/
|
|||
|
||||
# don't need to run all the tests when testing packaging
|
||||
# nss_cycles: standard pkix upgradedb sharedb
|
||||
# TODO: Add ssl_gtests when we rebase to nss-3.25
|
||||
# TODO: Add ssl_gtests when we rebase to nss-3.25 or higher
|
||||
%define nss_tests "libpkix cert dbtests tools fips sdr crmf smime ssl ocsp merge pkits chains pk11_gtests der_gtests"
|
||||
# nss_ssl_tests: crl bypass_normal normal_bypass normal_fips fips_normal iopr
|
||||
# nss_ssl_run: cov auth stress
|
||||
|
|
2
sources
2
sources
|
@ -5,4 +5,4 @@ a5ae49867124ac75f029a9a33af31bad blank-cert8.db
|
|||
2ec9e0606ba40fe65196545564b7cc2a blank-key4.db
|
||||
4d8e770b105483e365f3327d883dd229 nss-pem-20160308.tar.bz2
|
||||
2a3ffd2f46b60ecc116ac086343a537a nss-3.24.0.tar.gz
|
||||
e07f3874bfba21ce4b11c5b9bcff023c tests-data-adjust-for-policy.patch
|
||||
e07f3874bfba21ce4b11c5b9bcff023c adjust4policy.txt
|
||||
|
|
|
@ -1,101 +0,0 @@
|
|||
diff -up ./tests/ssl/sslauth.txt.expected_result ./tests/ssl/sslauth.txt
|
||||
--- ./tests/ssl/sslauth.txt.expected_result 2016-05-17 00:58:45.000000000 -0700
|
||||
+++ ./tests/ssl/sslauth.txt 2016-05-28 15:21:11.800761721 -0700
|
||||
@@ -14,12 +14,12 @@
|
||||
noECC 254 -r_-r -w_nss_-n_none TLS Require client auth (client does not provide auth)
|
||||
noECC 254 -r_-r -w_bogus_-n_TestUser TLS Require client auth (bad password)
|
||||
noECC 0 -r_-r -w_nss_-n_TestUser_ TLS Require client auth (client auth)
|
||||
- noECC 0 -r -V_:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth)
|
||||
- noECC 0 -r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
|
||||
- noECC 0 -r -V_:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
|
||||
+ noECC 254 -r -V_:ssl3_-w_nss_-n_none SSL3 Request don't require client auth (client does not provide auth)
|
||||
+ noECC 254 -r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth (bad password)
|
||||
+ noECC 254 -r -V_:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth (client auth)
|
||||
noECC 254 -r_-r -V_:ssl3_-w_nss_-n_none SSL3 Require client auth (client does not provide auth)
|
||||
noECC 254 -r_-r -V_:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth (bad password)
|
||||
- noECC 0 -r_-r -V_:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
|
||||
+ noECC 254 -r_-r -V_:ssl3_-n_TestUser_-w_nss SSL3 Require client auth (client auth)
|
||||
noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_none TLS Request don't require client auth on 2nd hs (client does not provide auth)
|
||||
noECC 0 -r_-r_-r -V_ssl3:_-w_bogus_-n_TestUser TLS Request don't require client auth on 2nd hs (bad password)
|
||||
noECC 0 -r_-r_-r -V_ssl3:_-w_nss_-n_TestUser TLS Request don't require client auth on 2nd hs (client auth)
|
||||
@@ -32,9 +32,9 @@
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_none TLS 1.0 Require client auth on 2nd hs (client does not provide auth)
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser TLS 1.0 Require client auth on 2nd hs (bad password)
|
||||
noECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser TLS 1.0 Require client auth on 2nd hs (client auth)
|
||||
- noECC 0 -r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
|
||||
- noECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
|
||||
- noECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
|
||||
+ noECC 254 -r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Request don't require client auth on 2nd hs (client does not provide auth)
|
||||
+ noECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Request don't require client auth on 2nd hs (bad password)
|
||||
+ noECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Request don't require client auth on 2nd hs (client auth)
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-w_nss_-n_none SSL3 Require client auth on 2nd hs (client does not provide auth)
|
||||
noECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_bogus SSL3 Require client auth on 2nd hs (bad password)
|
||||
noECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser_-w_nss SSL3 Require client auth on 2nd hs (client auth)
|
||||
@@ -57,17 +57,17 @@
|
||||
ECC 0 -r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec TLS 1.0 Request don't require client auth on 2nd hs (EC) (client auth)
|
||||
ECC 1 -r_-r_-r_-r -V_ssl3:tls1.0_-w_bogus_-n_TestUser-ec TLS 1.0 Require client auth on 2nd hs (EC) (bad password)
|
||||
ECC 0 -r_-r_-r_-r -V_ssl3:tls1.0_-w_nss_-n_TestUser-ec_ TLS 1.0 Require client auth on 2nd hs (EC) (client auth)
|
||||
- ECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
|
||||
- ECC 0 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
|
||||
+ ECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Request don't require client auth on 2nd hs (EC) (bad password)
|
||||
+ ECC 254 -r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Request don't require client auth on 2nd hs (EC) (client auth)
|
||||
ECC 1 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_bogus SSL3 Require client auth on 2nd hs (EC) (bad password)
|
||||
- ECC 0 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
|
||||
+ ECC 254 -r_-r_-r_-r -V_ssl3:ssl3_-n_TestUser-ec_-w_nss SSL3 Require client auth on 2nd hs (EC) (client auth)
|
||||
#
|
||||
# SNI Tests
|
||||
#
|
||||
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
|
||||
SNI 0 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
||||
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni1.Dom TLS Server response with alert
|
||||
- SNI 0 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
|
||||
+ SNI 254 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-w_nss_-n_TestUser SSL3 Server hello response without SNI
|
||||
SNI 1 -r_-a_Host-sni.Dom -V_ssl3:ssl3_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom SSL3 Server hello response with SNI: SSL don't have SH extensions
|
||||
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-w_nss_-n_TestUser TLS Server hello response without SNI
|
||||
SNI 0 -r_-r_-r_-a_Host-sni.Dom -V_ssl3:_-c_v_-w_nss_-n_TestUser_-a_Host-sni.Dom TLS Server hello response with SNI
|
||||
diff -up ./tests/ssl/sslpolicy.txt.expected_result ./tests/ssl/sslpolicy.txt
|
||||
--- ./tests/ssl/sslpolicy.txt.expected_result 2016-05-17 00:58:45.000000000 -0700
|
||||
+++ ./tests/ssl/sslpolicy.txt 2016-05-28 15:21:11.800761721 -0700
|
||||
@@ -148,26 +148,26 @@
|
||||
# Exp Enable Enable Cipher Config Policy Test Name
|
||||
# Ret EC TLS
|
||||
# turn on single cipher
|
||||
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
|
||||
- 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
|
||||
- 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
|
||||
- 1 noECC SSL3 d disallow=all Disallow All Explicitly.
|
||||
+# 0 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Narrow Policy
|
||||
+# 0 noECC SSL3 d disallow=all_allow=hmac-sha1/ssl,ssl-key-exchange:sha256/cert-signature:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Allowed by Strict Policy
|
||||
+# 0 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Allow All Explicitly
|
||||
+# 1 noECC SSL3 d disallow=all Disallow All Explicitly.
|
||||
# turn off signature only
|
||||
- 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Signatures Explicitly.
|
||||
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
|
||||
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
|
||||
+# 1 noECC SSL3 d disallow=sha256 Disallow SHA256 Signatures Explicitly.
|
||||
+# 1 noECC SSL3 d disallow=all_allow=hmac-sha1:rsa/ssl-key-exchange:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow SHA256 Signatures Implicitly Narrow.
|
||||
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow SHA256 Signatures Implicitly.
|
||||
# turn off single cipher
|
||||
- 1 noECC SSL3 d disallow=des-ede3-cbc Disallow Cipher Explicitly
|
||||
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
|
||||
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
|
||||
+# 1 noECC SSL3 d disallow=des-ede3-cbc Disallow Cipher Explicitly
|
||||
+# 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Cipher Implicitly Narrow.
|
||||
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-verion-max=tls1.2 Disallow Cipher Implicitly.
|
||||
# turn off H-Mac
|
||||
- 1 noECC SSL3 d disallow=hmac-sha1 Disallow HMAC Explicitly
|
||||
- 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
|
||||
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
|
||||
+# 1 noECC SSL3 d disallow=hmac-sha1 Disallow HMAC Explicitly
|
||||
+# 1 noECC SSL3 d disallow=all_allow=md5:sha256:rsa:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow HMAC Implicitly Narrow.
|
||||
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow HMAC Signatures Implicitly.
|
||||
# turn off key exchange
|
||||
- 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
|
||||
- 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
|
||||
- 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
|
||||
+# 1 noECC SSL3 d disallow=rsa/ssl-key-exchange Disallow Key Exchange Explicitly.
|
||||
+# 1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:dh-dss:des-ede3-cbc:tls-version-min=ssl3.0:tls-version-max=ssl3.0 Disallow Key Exchange Implicitly Narrow.
|
||||
+# 1 noECC SSL3 d disallow=all_allow=md2/all:md4/all:md5/all:sha1/all:sha256/all:sha384/all:sha512/all:hmac-sha1/all:hmac-sha224/all:hmac-sha256/all:hmac-sha384/all:hmac-sha512/all:hmac-md5/all:camellia128-cbc/all:camellia192-cbc/all:camellia256-cbc/all:seed-cbc/all:des-ede3-cbc/all:des-40-cbc/all:des-cbc/all:null-cipher/all:rc2/all:rc4/all:idea/all:rsa-export/all:dhe-rsa/all:dhe-dss/all:ecdhe-ecdsa/all:ecdhe-rsa/all:ecdh-ecdsa/all:ecdh-rsa/all:tls-version-min=ssl2.0:tls-version-max=tls1.2 Disallow Key Exchnage Signatures Implicitly.
|
||||
# turn off version
|
||||
1 noECC SSL3 d allow=tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Exlicitly
|
||||
1 noECC SSL3 d disallow=all_allow=hmac-sha1:sha256:rsa:des-ede3-cbc:tls-version-min=tls1.0:tls-version-max=tls1.2 Disallow Version Implicitly Narrow.
|