diff options
| author | Elio Maldonado <emaldona@redhat.com> | 2016-04-14 13:17:57 -0700 |
|---|---|---|
| committer | Elio Maldonado <emaldona@redhat.com> | 2016-04-14 13:17:57 -0700 |
| commit | c54bdf09daa8f965bef7aef3f7426e6d327bb276 (patch) | |
| tree | 54bd8f7ce8b5c0b56bfdf605201e0c4a417909ea | |
| parent | 57347bb23155c47083c5add65fe6f03a14bf70ee (diff) | |
| download | nss-hg-c54bdf09daa8f965bef7aef3f7426e6d327bb276.tar.gz | |
Bug 1257891] TLS 1.3: Implement Resumption-PSK, r=ekr
- Fix consistency in order & classsification for three ciphers across tables
| -rw-r--r-- | lib/ssl/ssl3con.c | 6 | ||||
| -rw-r--r-- | lib/ssl/sslenum.c | 3 |
2 files changed, 4 insertions, 5 deletions
diff --git a/lib/ssl/ssl3con.c b/lib/ssl/ssl3con.c index 28fc85bb4..3654edbdd 100644 --- a/lib/ssl/ssl3con.c +++ b/lib/ssl/ssl3con.c @@ -98,12 +98,11 @@ static SECStatus ssl3_AESGCMBypass(ssl3KeyMaterial *keys, PRBool doDecrypt, static ssl3CipherSuiteCfg cipherSuites[ssl_V3_SUITES_IMPLEMENTED] = { /* cipher_suite policy enabled isPresent */ +#ifndef NSS_DISABLE_ECC /* ECDHE-PSK from [draft-mattsson-tls-ecdhe-psk-aead]. Only enabled if * we are doing TLS 1.3 PSK-resumption. */ { TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, - -#ifndef NSS_DISABLE_ECC { TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, { TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE}, @@ -437,10 +436,11 @@ static const ssl3CipherSuiteDef cipher_suite_defs[] = {TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, cipher_aes_256, hmac_sha256, kea_dhe_dss}, {TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_dhe_rsa}, + +#ifndef NSS_DISABLE_ECC {TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_rsa}, {TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, cipher_chacha20, mac_aead, kea_ecdhe_ecdsa}, -#ifndef NSS_DISABLE_ECC {TLS_ECDH_ECDSA_WITH_NULL_SHA, cipher_null, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_RC4_128_SHA, cipher_rc4, mac_sha, kea_ecdh_ecdsa}, {TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, cipher_3des, mac_sha, kea_ecdh_ecdsa}, diff --git a/lib/ssl/sslenum.c b/lib/ssl/sslenum.c index d080a14da..ae1fd7d05 100644 --- a/lib/ssl/sslenum.c +++ b/lib/ssl/sslenum.c @@ -49,11 +49,10 @@ * the third one. */ const PRUint16 SSL_ImplementedCiphers[] = { +#ifndef NSS_DISABLE_ECC /* ECDHE-PSK from [draft-mattsson-tls-ecdhe-psk-aead]. */ TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256, - -#ifndef NSS_DISABLE_ECC TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, |