Bug 1638369 - enable some TLS ciphersuites with SHA-2-based MACs for compatibility r=jcj,kjacobs
authorDana Keeler <dkeeler@mozilla.com>
Fri, 22 May 2020 21:20:43 +0000
changeset 532238 5a7f6e78b0bb6f78a63eb5f745bcd090d425a8e4
parent 532237 0403812954413c969915a1a69042dc3cbd6043d5
child 532239 004a7596ab7c5fb912b31f443f63d577639437ad
push id 117085
push user dkeeler@mozilla.com
push date Tue, 26 May 2020 18:41:41 +0000
treeherder autoland@5a7f6e78b0bb
reviewers jcj, kjacobs
bugs 1638369
milestone 78.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1638369 - enable some TLS ciphersuites with SHA-2-based MACs for compatibility r=jcj,kjacobs

We have evidence that some sites have disabled ciphersuites with SHA-1-based MACs due to attacks against SHA-1 (disregarding the fact that these attacks don't necessarily apply to HMAC-SHA-1) while still relying on RSA key exchange. Before this patch, PSM did not enable any ciphersuites with RSA key exchange and non-SHA-1-based MACs. Consequently, Firefox would be unable to connect to these sites while other browsers would.

This patch enables TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384, which are the only two ciphersuites (other than grease) that Chrome enables that Firefox did not (before this patch).

Differential Revision: https://phabricator.services.mozilla.com/D76543
security/manager/ssl/nsNSSCallbacks.cpp
security/manager/ssl/nsNSSComponent.cpp
--- a/security/manager/ssl/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
@@ -1005,16 +1005,22 @@ static void AccumulateCipherSuite(Teleme
       value = 65;
       break;
     case TLS_RSA_WITH_3DES_EDE_CBC_SHA:
       value = 66;
       break;
     case TLS_RSA_WITH_SEED_CBC_SHA:
       value = 67;
       break;
+    case TLS_RSA_WITH_AES_128_GCM_SHA256:
+      value = 68;
+      break;
+    case TLS_RSA_WITH_AES_256_GCM_SHA384:
+      value = 69;
+      break;
     // TLS 1.3 PSK resumption
     case TLS_AES_128_GCM_SHA256:
       value = 70;
       break;
     case TLS_CHACHA20_POLY1305_SHA256:
       value = 71;
       break;
     case TLS_AES_256_GCM_SHA384:
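Review bot: the new telemetry bucket values 68 and 69 fill the previously unused gap between `TLS_RSA_WITH_SEED_CBC_SHA` (67) and the TLS 1.3 entries starting at 70; before landing, confirm that 68 and 69 were never assigned to a suite that was later removed from this switch, since reusing a bucket silently merges historical data for the old suite with the new RSA-GCM suites, and add the matching labels to the histogram definition so dashboards do not show these as unlabelled buckets.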
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1055,16 +1055,20 @@ static const CipherPref sCipherPrefs[] =
     {"security.ssl3.dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
      true},
 
     {"security.tls13.aes_128_gcm_sha256", TLS_AES_128_GCM_SHA256, true},
     {"security.tls13.chacha20_poly1305_sha256", TLS_CHACHA20_POLY1305_SHA256,
      true},
     {"security.tls13.aes_256_gcm_sha384", TLS_AES_256_GCM_SHA384, true},
 
+    {"security.ssl3.rsa_aes_128_gcm_sha256", TLS_RSA_WITH_AES_128_GCM_SHA256,
+     true},  // deprecated (RSA key exchange)
+    {"security.ssl3.rsa_aes_256_gcm_sha384", TLS_RSA_WITH_AES_256_GCM_SHA384,
+     true},  // deprecated (RSA key exchange)
     {"security.ssl3.rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA,
      true},  // deprecated (RSA key exchange)
     {"security.ssl3.rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA,
      true},  // deprecated (RSA key exchange)
     {"security.ssl3.rsa_des_ede3_sha", TLS_RSA_WITH_3DES_EDE_CBC_SHA,
      true},  // deprecated (RSA key exchange, 3DES)
 
     // All the rest are disabled
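Review bot: the two new entries are inserted ahead of `security.ssl3.rsa_aes_128_sha` rather than after the existing RSA-CBC suites, so if the order of `sCipherPrefs` is significant anywhere (for example when enumerating enabled suites for the ClientHello or for the prefs UI), the AEAD RSA suites now sort before the CBC ones, which is the sensible preference but deserves a one-line comment stating that ordering is intentional; also, because the third field defaults both suites to `true`, please make sure the corresponding default prefs exist so that flipping `security.ssl3.rsa_aes_128_gcm_sha256` / `security.ssl3.rsa_aes_256_gcm_sha384` to `false` actually disables them, and add a test that asserts the enabled ciphersuite set with and without these prefs, given that the commit message frames them as a compatibility fallback for sites still using RSA key exchange.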