Backed out changeset f1aace586e14 (bug 1304919)
authorSebastian Hengst <archaeopteryx@coole-files.de>
Sat, 24 Sep 2016 18:00:08 +0200
changeset 315135 11c0e181dba102950b3034cf8a449c4070178479
parent 315134 bd20b9ac007d7e0416133744606c8dcd747dc1c9
child 315136 ddd64e2cf55f055ddb031ce84d620b6211addaa1
push id82090
push userarchaeopteryx@coole-files.de
push dateSat, 24 Sep 2016 16:01:56 +0000
treeherdermozilla-inbound@9c004ac338be [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
bugs1304919
milestone52.0a1
backs outf1aace586e14a276cc43dd00111d5c9d04580ea0
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Backed out changeset f1aace586e14 (bug 1304919)
config/external/nss/nss.symbols
media/mtransport/transportlayerdtls.cpp
--- a/config/external/nss/nss.symbols
+++ b/config/external/nss/nss.symbols
@@ -668,17 +668,16 @@ SSL_GetClientAuthDataHook
 SSL_GetImplementedCiphers
 SSL_GetNextProto
 SSL_GetNumImplementedCiphers
 SSL_GetSRTPCipher
 SSL_HandshakeCallback
 SSL_HandshakeNegotiatedExtension
 SSL_ImplementedCiphers @DATA@
 SSL_ImportFD
-SSL_NamedGroupConfig
 SSL_NumImplementedCiphers @DATA@
 SSL_OptionSet
 SSL_OptionSetDefault
 SSL_PeerCertificate
 SSL_PeerCertificateChain
 SSL_PeerStapledOCSPResponses
 SSL_ResetHandshake
 SSL_SetCanFalseStartCallback
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -448,25 +448,16 @@ TransportLayerDtls::SetVerificationDiges
   digests_.push_back(new VerificationDigest(
       digest_algorithm, digest_value, digest_len));
 
   verification_mode_ = VERIFY_DIGEST;
 
   return NS_OK;
 }
 
-// These are the named groups that we will allow.
-static const SSLNamedGroup NamedGroupPreferences[] = {
-  ssl_grp_ec_curve25519,
-  ssl_grp_ec_secp256r1,
-  ssl_grp_ec_secp384r1,
-  ssl_grp_ffdhe_2048,
-  ssl_grp_ffdhe_3072
-};
-
 // TODO: make sure this is called from STS. Otherwise
 // we have thread safety issues
 bool TransportLayerDtls::Setup() {
   CheckThread();
   SECStatus rv;
 
   if (!downward_) {
     MOZ_MTLOG(ML_ERROR, "DTLS layer with nothing below. This is useless");
@@ -591,23 +582,16 @@ bool TransportLayerDtls::Setup() {
     MOZ_MTLOG(ML_ERROR, "Couldn't disable ECDHE key reuse");
     return false;
   }
 
   if (!SetupCipherSuites(ssl_fd)) {
     return false;
   }
 
-  rv = SSL_NamedGroupConfig(ssl_fd, NamedGroupPreferences,
-                            mozilla::ArrayLength(NamedGroupPreferences));
-  if (rv != SECSuccess) {
-    MOZ_MTLOG(ML_ERROR, "Couldn't set named groups");
-    return false;
-  }
-
   // Certificate validation
   rv = SSL_AuthCertificateHook(ssl_fd, AuthCertificateHook,
                                reinterpret_cast<void *>(this));
   if (rv != SECSuccess) {
     MOZ_MTLOG(ML_ERROR, "Couldn't set certificate validation hook");
     return false;
   }
 
@@ -702,36 +686,44 @@ static const uint32_t DisabledCiphers[] 
   TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA,
   TLS_ECDH_RSA_WITH_AES_256_CBC_SHA,
   TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDH_ECDSA_WITH_RC4_128_SHA,
   TLS_ECDH_RSA_WITH_RC4_128_SHA,
 
   TLS_RSA_WITH_AES_128_GCM_SHA256,
-  TLS_RSA_WITH_AES_256_GCM_SHA384,
   TLS_RSA_WITH_AES_128_CBC_SHA,
   TLS_RSA_WITH_AES_128_CBC_SHA256,
   TLS_RSA_WITH_CAMELLIA_128_CBC_SHA,
   TLS_RSA_WITH_AES_256_CBC_SHA,
   TLS_RSA_WITH_AES_256_CBC_SHA256,
   TLS_RSA_WITH_CAMELLIA_256_CBC_SHA,
   TLS_RSA_WITH_SEED_CBC_SHA,
+  SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA,
   TLS_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_RSA_WITH_RC4_128_SHA,
   TLS_RSA_WITH_RC4_128_MD5,
 
   TLS_DHE_RSA_WITH_DES_CBC_SHA,
   TLS_DHE_DSS_WITH_DES_CBC_SHA,
+  SSL_RSA_FIPS_WITH_DES_CBC_SHA,
   TLS_RSA_WITH_DES_CBC_SHA,
 
+  TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,
+  TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA,
+
+  TLS_RSA_EXPORT_WITH_RC4_40_MD5,
+  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
+
   TLS_ECDHE_ECDSA_WITH_NULL_SHA,
   TLS_ECDHE_RSA_WITH_NULL_SHA,
   TLS_ECDH_ECDSA_WITH_NULL_SHA,
   TLS_ECDH_RSA_WITH_NULL_SHA,
+
   TLS_RSA_WITH_NULL_SHA,
   TLS_RSA_WITH_NULL_SHA256,
   TLS_RSA_WITH_NULL_MD5,
 };
 
 bool TransportLayerDtls::SetupCipherSuites(PRFileDesc* ssl_fd) const {
   SECStatus rv;