Bug 1228555 - Remove support for SSLv2 r=mt,wtc,ekr

author: Tim Taubert <ttaubert@mozilla.com> 2016-03-11 11:52:04 +0100
committer: Tim Taubert <ttaubert@mozilla.com> 2016-03-11 11:52:04 +0100
commit: f83759faedaff3ec275ac5bfb2e71a5cdc84c605 (patch)
tree: 48582892e21db6fef3b9da5883b51bdad679b14e /cmd/vfyserv
parent: 4a18517e2130ec789aed957e3f9ffafd30f04075 (diff)
download: nss-hg-f83759faedaff3ec275ac5bfb2e71a5cdc84c605.tar.gz
3 files changed, 7 insertions, 18 deletions
diff --git a/cmd/vfyserv/vfyserv.c b/cmd/vfyserv/vfyserv.c
index 6ee22489a..3dd255274 100644
--- a/cmd/vfyserv/vfyserv.c
+++ b/cmd/vfyserv/vfyserv.c
@@ -41,8 +41,8 @@
 
 #define RD_BUF_SIZE (60 * 1024)
 
-extern int ssl2CipherSuites[];
 extern int ssl3CipherSuites[];
+extern int numSSL3CipherSuites;
 
 GlobalThreadMgr threadMGR;
 char *certNickname = NULL;
@@ -507,12 +507,11 @@ main(int argc, char **argv)
 	    disableAllSSLCiphers();
 
 	    while (0 != (ndx = *cipherString++)) {
-		int  cipher;
+                int cipher = 0;
 
 		if (ndx == ':') {
 		    int ctmp = 0;
 
-		    cipher = 0;
 		    HEXCHAR_TO_INT(*cipherString, ctmp)
 		    cipher |= (ctmp << 12);
 		    cipherString++;
@@ -526,12 +525,12 @@ main(int argc, char **argv)
 		    cipher |= ctmp;
 		    cipherString++;
 		} else {
-		    const int *cptr;
 		    if (! isalpha(ndx))
 			Usage(progName);
-		    cptr = islower(ndx) ? ssl3CipherSuites : ssl2CipherSuites;
-		    for (ndx &= 0x1f; (cipher = *cptr++) != 0 && --ndx > 0; )
-			/* do nothing */;
+                    ndx = tolower(ndx) - 'a';
+                    if (ndx < numSSL3CipherSuites) {
+                        cipher = ssl3CipherSuites[ndx];
+                    }
 		}
 		if (cipher > 0) {
 		    SSL_CipherPrefSetDefault(cipher, PR_TRUE);
diff --git a/cmd/vfyserv/vfyserv.h b/cmd/vfyserv/vfyserv.h
index ce3ae4873..a7a2067c1 100644
--- a/cmd/vfyserv/vfyserv.h
+++ b/cmd/vfyserv/vfyserv.h
@@ -38,7 +38,6 @@
 /* Declare SSL cipher suites. */
 
 extern int cipherSuites[];
-extern int ssl2CipherSuites[];
 extern int ssl3CipherSuites[];
 
 /* Data buffer read from a socket. */
diff --git a/cmd/vfyserv/vfyutil.c b/cmd/vfyserv/vfyutil.c
index 686c7b13f..64561462e 100644
--- a/cmd/vfyserv/vfyutil.c
+++ b/cmd/vfyserv/vfyutil.c
@@ -14,16 +14,6 @@ extern void dumpCertChain(CERTCertificate *, SECCertUsage);
 
 /* Declare SSL cipher suites. */
 
-int ssl2CipherSuites[] = {
-    SSL_EN_RC4_128_WITH_MD5,              /* A */
-    SSL_EN_RC4_128_EXPORT40_WITH_MD5,     /* B */
-    SSL_EN_RC2_128_CBC_WITH_MD5,          /* C */
-    SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, /* D */
-    SSL_EN_DES_64_CBC_WITH_MD5,           /* E */
-    SSL_EN_DES_192_EDE3_CBC_WITH_MD5,     /* F */
-    0
-};
-
 int ssl3CipherSuites[] = {
     -1, /* SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA* a */
     -1, /* SSL_FORTEZZA_DMS_WITH_RC4_128_SHA,	 * b */
@@ -53,6 +43,7 @@ int ssl3CipherSuites[] = {
     TLS_RSA_WITH_NULL_SHA,			/* z */
     0
 };
+int numSSL3CipherSuites = PR_ARRAY_SIZE(ssl3CipherSuites);
 
 /**************************************************************************
 **
author	Tim Taubert <ttaubert@mozilla.com>	2016-03-11 11:52:04 +0100
committer	Tim Taubert <ttaubert@mozilla.com>	2016-03-11 11:52:04 +0100
commit	f83759faedaff3ec275ac5bfb2e71a5cdc84c605 (patch)
tree	48582892e21db6fef3b9da5883b51bdad679b14e /cmd/vfyserv
parent	4a18517e2130ec789aed957e3f9ffafd30f04075 (diff)
download	nss-hg-f83759faedaff3ec275ac5bfb2e71a5cdc84c605.tar.gz