Bug 1123020 - Remove options to allow unrestricted renegotiation. r=keeler
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Thu, 29 Jan 2015 21:04:26 +0900
changeset 226553 b6975a40b2e214ca52a01c357a8b8fdccdbd314e
parent 226552 9d901e50344005aa1c74ed07dd6bb679bec39828
child 226554 7e34c1037f5edacb0e6977c3813bee1e99092869
push id28200
push userkwierso@gmail.com
push dateThu, 29 Jan 2015 23:01:46 +0000
treeherdermozilla-central@4380ed39de3a [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1123020
milestone38.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1123020 - Remove options to allow unrestricted renegotiation. r=keeler
netwerk/base/security-prefs.js
security/manager/ssl/src/nsNSSComponent.cpp
security/manager/ssl/src/nsNSSIOLayer.cpp
security/manager/ssl/src/nsNSSIOLayer.h
--- a/netwerk/base/security-prefs.js
+++ b/netwerk/base/security-prefs.js
@@ -9,18 +9,16 @@ pref("security.tls.version.fallback-limi
 # bug 1095507, www.kredodirect.com.ua
 # bug 1111354, web3.secureinternetbank.com
 # bug 1112110, cmypage.kuronekoyamato.co.jp
 # bug 1115883, www.timewarnercable.com and wayfarer.timewarnercable.com
 # bug 1126652, www.animate-onlineshop.jp
 # bug 1126654, www.gamers-onlineshop.jp
 pref("security.tls.insecure_fallback_hosts", "www.kredodirect.com.ua,web3.secureinternetbank.com,cmypage.kuronekoyamato.co.jp,www.timewarnercable.com,wayfarer.timewarnercable.com,www.animate-onlineshop.jp,www.gamers-onlineshop.jp");
 
-pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
-pref("security.ssl.renego_unrestricted_hosts", "");
 pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
 pref("security.ssl.require_safe_negotiation",  false);
 pref("security.ssl.warn_missing_rfc5746",  1);
 pref("security.ssl.enable_ocsp_stapling", true);
 pref("security.ssl.enable_false_start", true);
 pref("security.ssl.false_start.require-npn", false);
 pref("security.ssl.enable_npn", true);
 pref("security.ssl.enable_alpn", true);
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -729,17 +729,16 @@ nsNSSComponent::FillTLSVersionRange(SSLV
 
   // fill out rangeOut
   rangeOut.min = (uint16_t) minFromPrefs;
   rangeOut.max = (uint16_t) maxFromPrefs;
 }
 
 static const int32_t OCSP_ENABLED_DEFAULT = 1;
 static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false;
-static const bool ALLOW_UNRESTRICTED_RENEGO_DEFAULT = false;
 static const bool FALSE_START_ENABLED_DEFAULT = true;
 static const bool NPN_ENABLED_DEFAULT = true;
 static const bool ALPN_ENABLED_DEFAULT = false;
 
 static void
 ConfigureTLSSessionIdentifiers()
 {
   bool disableSessionIdentifiers =
@@ -1049,23 +1048,17 @@ nsNSSComponent::InitializeNSS()
 
   ConfigureTLSSessionIdentifiers();
 
   bool requireSafeNegotiation =
     Preferences::GetBool("security.ssl.require_safe_negotiation",
                          REQUIRE_SAFE_NEGOTIATION_DEFAULT);
   SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
 
-  bool allowUnrestrictedRenego =
-    Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
-                         ALLOW_UNRESTRICTED_RENEGO_DEFAULT);
-  SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION,
-                       allowUnrestrictedRenego ?
-                         SSL_RENEGOTIATE_UNRESTRICTED :
-                         SSL_RENEGOTIATE_REQUIRES_XTN);
+  SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN);
 
   SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
                        Preferences::GetBool("security.ssl.enable_false_start",
                                             FALSE_START_ENABLED_DEFAULT));
 
   // SSL_ENABLE_NPN and SSL_ENABLE_ALPN also require calling
   // SSL_SetNextProtoNego in order for the extensions to be negotiated.
   // WebRTC does not do that so it will not use NPN or ALPN even when these
@@ -1332,24 +1325,16 @@ nsNSSComponent::Observe(nsISupports* aSu
     if (prefName.EqualsLiteral("security.tls.version.min") ||
         prefName.EqualsLiteral("security.tls.version.max")) {
       (void) setEnabledTLSVersions();
     } else if (prefName.EqualsLiteral("security.ssl.require_safe_negotiation")) {
       bool requireSafeNegotiation =
         Preferences::GetBool("security.ssl.require_safe_negotiation",
                              REQUIRE_SAFE_NEGOTIATION_DEFAULT);
       SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
-    } else if (prefName.EqualsLiteral("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref")) {
-      bool allowUnrestrictedRenego =
-        Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
-                             ALLOW_UNRESTRICTED_RENEGO_DEFAULT);
-      SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION,
-                           allowUnrestrictedRenego ?
-                             SSL_RENEGOTIATE_UNRESTRICTED :
-                             SSL_RENEGOTIATE_REQUIRES_XTN);
     } else if (prefName.EqualsLiteral("security.ssl.enable_false_start")) {
       SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
                            Preferences::GetBool("security.ssl.enable_false_start",
                                                 FALSE_START_ENABLED_DEFAULT));
     } else if (prefName.EqualsLiteral("security.ssl.enable_npn")) {
       SSL_OptionSetDefault(SSL_ENABLE_NPN,
                            Preferences::GetBool("security.ssl.enable_npn",
                                                 NPN_ENABLED_DEFAULT));
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -673,17 +673,16 @@ nsNSSSocketInfo::SharedState()
 {
   return mSharedState;
 }
 
 void nsSSLIOLayerHelpers::Cleanup()
 {
   MutexAutoLock lock(mutex);
   mTLSIntoleranceInfo.Clear();
-  mRenegoUnrestrictedSites.Clear();
   mInsecureFallbackSites.Clear();
 }
 
 static void
 nsHandleSSLError(nsNSSSocketInfo* socketInfo,
                  ::mozilla::psm::SSLErrorMessageType errtype,
                  PRErrorCode err)
 {
@@ -1657,21 +1656,17 @@ NS_IMPL_ISUPPORTS(PrefObserver, nsIObser
 
 NS_IMETHODIMP
 PrefObserver::Observe(nsISupports* aSubject, const char* aTopic,
                       const char16_t* someData)
 {
   if (nsCRT::strcmp(aTopic, NS_PREFBRANCH_PREFCHANGE_TOPIC_ID) == 0) {
     NS_ConvertUTF16toUTF8 prefName(someData);
 
-    if (prefName.EqualsLiteral("security.ssl.renego_unrestricted_hosts")) {
-      nsCString unrestrictedHosts;
-      Preferences::GetCString("security.ssl.renego_unrestricted_hosts", &unrestrictedHosts);
-      mOwner->setSiteList(mOwner->mRenegoUnrestrictedSites, unrestrictedHosts);
-    } else if (prefName.EqualsLiteral("security.ssl.treat_unsafe_negotiation_as_broken")) {
+    if (prefName.EqualsLiteral("security.ssl.treat_unsafe_negotiation_as_broken")) {
       bool enabled;
       Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
       mOwner->setTreatUnsafeNegotiationAsBroken(enabled);
     } else if (prefName.EqualsLiteral("security.ssl.warn_missing_rfc5746")) {
       int32_t warnLevel = 1;
       Preferences::GetInt("security.ssl.warn_missing_rfc5746", &warnLevel);
       mOwner->setWarnLevelMissingRFC5746(warnLevel);
     } else if (prefName.EqualsLiteral("security.ssl.false_start.require-npn")) {
@@ -1708,18 +1703,16 @@ PlaintextRecv(PRFileDesc* fd, void* buf,
 }
 
 nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers()
 {
   // mPrefObserver will only be set if this->Init was called. The GTest tests
   // do not call Init.
   if (mPrefObserver) {
     Preferences::RemoveObserver(mPrefObserver,
-      "security.ssl.renego_unrestricted_hosts");
-    Preferences::RemoveObserver(mPrefObserver,
         "security.ssl.treat_unsafe_negotiation_as_broken");
     Preferences::RemoveObserver(mPrefObserver,
         "security.ssl.warn_missing_rfc5746");
     Preferences::RemoveObserver(mPrefObserver,
         "security.ssl.false_start.require-npn");
     Preferences::RemoveObserver(mPrefObserver,
         "security.tls.version.fallback-limit");
     Preferences::RemoveObserver(mPrefObserver,
@@ -1767,20 +1760,16 @@ nsSSLIOLayerHelpers::Init()
     nsSSLIOLayerMethods.read = nsSSLIOLayerRead;
     nsSSLIOLayerMethods.poll = nsSSLIOLayerPoll;
 
     nsSSLPlaintextLayerIdentity = PR_GetUniqueIdentity("Plaintxext PSM layer");
     nsSSLPlaintextLayerMethods  = *PR_GetDefaultIOMethods();
     nsSSLPlaintextLayerMethods.recv = PlaintextRecv;
   }
 
-  nsCString unrestrictedHosts;
-  Preferences::GetCString("security.ssl.renego_unrestricted_hosts", &unrestrictedHosts);
-  setSiteList(mRenegoUnrestrictedSites, unrestrictedHosts);
-
   bool enabled = false;
   Preferences::GetBool("security.ssl.treat_unsafe_negotiation_as_broken", &enabled);
   setTreatUnsafeNegotiationAsBroken(enabled);
 
   int32_t warnLevel = 1;
   Preferences::GetInt("security.ssl.warn_missing_rfc5746", &warnLevel);
   setWarnLevelMissingRFC5746(warnLevel);
 
@@ -1789,18 +1778,16 @@ nsSSLIOLayerHelpers::Init()
                          FALSE_START_REQUIRE_NPN_DEFAULT);
   loadVersionFallbackLimit();
   nsCString insecureFallbackHosts;
   Preferences::GetCString("security.tls.insecure_fallback_hosts", &insecureFallbackHosts);
   setInsecureFallbackSites(insecureFallbackHosts);
 
   mPrefObserver = new PrefObserver(this);
   Preferences::AddStrongObserver(mPrefObserver,
-                                 "security.ssl.renego_unrestricted_hosts");
-  Preferences::AddStrongObserver(mPrefObserver,
                                  "security.ssl.treat_unsafe_negotiation_as_broken");
   Preferences::AddStrongObserver(mPrefObserver,
                                  "security.ssl.warn_missing_rfc5746");
   Preferences::AddStrongObserver(mPrefObserver,
                                  "security.ssl.false_start.require-npn");
   Preferences::AddStrongObserver(mPrefObserver,
                                  "security.tls.version.fallback-limit");
   Preferences::AddStrongObserver(mPrefObserver,
@@ -1821,50 +1808,41 @@ nsSSLIOLayerHelpers::loadVersionFallback
 
   mVersionFallbackLimit = filledInRange.max;
 }
 
 void
 nsSSLIOLayerHelpers::clearStoredData()
 {
   MutexAutoLock lock(mutex);
-  mRenegoUnrestrictedSites.Clear();
   mInsecureFallbackSites.Clear();
   mTLSIntoleranceInfo.Clear();
 }
 
 void
-nsSSLIOLayerHelpers::setSiteList(nsTHashtable<nsCStringHashKey>& sites,
-                                 const nsCString& str)
+nsSSLIOLayerHelpers::setInsecureFallbackSites(const nsCString& str)
 {
   MutexAutoLock lock(mutex);
 
-  sites.Clear();
+  mInsecureFallbackSites.Clear();
 
   if (str.IsEmpty()) {
     return;
   }
 
   nsCCharSeparatedTokenizer toker(str, ',');
 
   while (toker.hasMoreTokens()) {
     const nsCSubstring& host = toker.nextToken();
     if (!host.IsEmpty()) {
-      sites.PutEntry(host);
+      mInsecureFallbackSites.PutEntry(host);
     }
   }
 }
 
-bool
-nsSSLIOLayerHelpers::isRenegoUnrestrictedSite(const nsCString& str)
-{
-  MutexAutoLock lock(mutex);
-  return mRenegoUnrestrictedSites.Contains(str);
-}
-
 void
 nsSSLIOLayerHelpers::setTreatUnsafeNegotiationAsBroken(bool broken)
 {
   MutexAutoLock lock(mutex);
   mTreatUnsafeNegotiationAsBroken = broken;
 }
 
 bool
@@ -2644,26 +2622,16 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
   if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_OCSP_STAPLING, enabled)) {
     return NS_ERROR_FAILURE;
   }
 
   if (SECSuccess != SSL_OptionSet(fd, SSL_HANDSHAKE_AS_CLIENT, true)) {
     return NS_ERROR_FAILURE;
   }
 
-  nsSSLIOLayerHelpers& ioHelpers = infoObject->SharedState().IOLayerHelpers();
-  if (ioHelpers.isRenegoUnrestrictedSite(nsDependentCString(host))) {
-    if (SECSuccess != SSL_OptionSet(fd, SSL_REQUIRE_SAFE_NEGOTIATION, false)) {
-      return NS_ERROR_FAILURE;
-    }
-    if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_UNRESTRICTED)) {
-      return NS_ERROR_FAILURE;
-    }
-  }
-
   // Set the Peer ID so that SSL proxy connections work properly and to
   // separate anonymous and/or private browsing connections.
   uint32_t flags = infoObject->GetProviderFlags();
   nsAutoCString peerId;
   if (flags & nsISocketProvider::ANONYMOUS_CONNECT) { // See bug 466080
     peerId.AppendLiteral("anon:");
   }
   if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
--- a/security/manager/ssl/src/nsNSSIOLayer.h
+++ b/security/manager/ssl/src/nsNSSIOLayer.h
@@ -181,17 +181,16 @@ public:
   void Cleanup();
 
   static bool nsSSLIOLayerInitialized;
   static PRDescIdentity nsSSLIOLayerIdentity;
   static PRDescIdentity nsSSLPlaintextLayerIdentity;
   static PRIOMethods nsSSLIOLayerMethods;
   static PRIOMethods nsSSLPlaintextLayerMethods;
 
-  nsTHashtable<nsCStringHashKey> mRenegoUnrestrictedSites;
   bool mTreatUnsafeNegotiationAsBroken;
   int32_t mWarnLevelMissingRFC5746;
 
   void setTreatUnsafeNegotiationAsBroken(bool broken);
   bool treatUnsafeNegotiationAsBroken();
   void setWarnLevelMissingRFC5746(int32_t level);
   int32_t getWarnLevelMissingRFC5746();
 
@@ -225,25 +224,19 @@ public:
   // returns the known tolerant version
   // or 0 if there is no known tolerant version
   uint16_t forgetIntolerance(const nsACString& hostname, int16_t port);
   void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
                                /*in/out*/ SSLVersionRange& range,
                                /*out*/ StrongCipherStatus& strongCipherStatus);
   PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port);
 
-  void setSiteList(nsTHashtable<nsCStringHashKey>& sites,
-                   const nsCString& str);
-  bool isRenegoUnrestrictedSite(const nsCString& str);
   void clearStoredData();
   void loadVersionFallbackLimit();
-  void setInsecureFallbackSites(const nsCString& str)
-  {
-    setSiteList(mInsecureFallbackSites, str);
-  }
+  void setInsecureFallbackSites(const nsCString& str);
 
   bool mFalseStartRequireNPN;
   bool mFalseStartRequireForwardSecrecy;
   uint16_t mVersionFallbackLimit;
 private:
   mozilla::Mutex mutex;
   nsCOMPtr<nsIObserver> mPrefObserver;
 };