Bug 1291253, land differences between rc0 and final RTM of NSS 3.26, r=franziskus, a=ritu
authorKai Engert <kaie@kuix.de>
Mon, 08 Aug 2016 22:47:58 +0200
changeset 332630 79f0792841417c6cdf8cb78e8ee5026f53ba72aa
parent 332629 ac9f7f2ed879a2ac380fac1dd95069d940058c92
child 332631 43e9e32c32a8eb644e0ede4f111032cb4edbf489
push id9883
push userkaie@kuix.de
push dateMon, 08 Aug 2016 20:48:05 +0000
treeherdermozilla-aurora@79f079284141 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersfranziskus, ritu
bugs1291253
milestone50.0a2
Bug 1291253, land differences between rc0 and final RTM of NSS 3.26, r=franziskus, a=ritu
security/nss/TAG-INFO
security/nss/coreconf/coreconf.dep
security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
security/nss/external_tests/ssl_gtest/tls_agent.cc
security/nss/external_tests/ssl_gtest/tls_agent.h
security/nss/external_tests/ssl_gtest/tls_connect.cc
security/nss/external_tests/ssl_gtest/tls_connect.h
security/nss/lib/ckfw/builtins/certdata.txt
security/nss/lib/ckfw/builtins/nssckbi.h
security/nss/lib/ssl/sslimpl.h
security/nss/lib/ssl/sslsock.c
--- a/security/nss/TAG-INFO
+++ b/security/nss/TAG-INFO
@@ -1,1 +1,1 @@
-NSS_3_26_RC0
+NSS_3_26_RTM
--- a/security/nss/coreconf/coreconf.dep
+++ b/security/nss/coreconf/coreconf.dep
@@ -5,9 +5,8 @@
 
 /*
  * A dummy header file that is a dependency for all the object files.
  * Used to force a full recompilation of NSS in Mozilla's Tinderbox
  * depend builds.  See comments in rules.mk.
  */
 
 #error "Do not include this header file."
-
--- a/security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
+++ b/security/nss/external_tests/ssl_gtest/ssl_dhe_unittest.cc
@@ -530,16 +530,29 @@ TEST_P(TlsConnectGeneric, Ffdhe3072) {
                                 PR_ARRAY_SIZE(groups)));
   EXPECT_EQ(SECSuccess,
             SSL_DHEGroupPrefSet(server_->ssl_fd(), groups,
                                 PR_ARRAY_SIZE(groups)));
 
   Connect();
 }
 
+TEST_P(TlsConnectGenericPre13, PreferredFfdhe) {
+  EnableOnlyDheCiphers();
+  static const SSLDHEGroupType groups[] = {
+    ssl_ff_dhe_3072_group, ssl_ff_dhe_2048_group
+  };
+  EXPECT_EQ(SECSuccess,
+            SSL_DHEGroupPrefSet(server_->ssl_fd(), groups,
+                                PR_ARRAY_SIZE(groups)));
+
+  Connect();
+  CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign, 3072);
+}
+
 #ifdef NSS_ENABLE_TLS_1_3
 
 TEST_P(TlsConnectTls13, ResumeFfdhe) {
   EnableOnlyDheCiphers();
   ConfigureSessionCache(RESUME_BOTH, RESUME_TICKET);
   Connect();
   SendReceive(); // Need to read so that we absorb the session ticket.
   CheckKeys(ssl_kea_dh, ssl_auth_rsa_sign);
--- a/security/nss/external_tests/ssl_gtest/tls_agent.cc
+++ b/security/nss/external_tests/ssl_gtest/tls_agent.cc
@@ -356,35 +356,38 @@ void TlsAgent::SetSignatureAlgorithms(co
         algorithms[j].hashAlg == configuredAlgorithms[i].hashAlg &&
         algorithms[j].sigAlg == configuredAlgorithms[i].sigAlg) {
       ++i;
     }
   }
   EXPECT_EQ(i, configuredCount) << "algorithms in use were all set";
 }
 
-void TlsAgent::CheckKEAType(SSLKEAType type) const {
+void TlsAgent::CheckKEA(SSLKEAType type, size_t kea_size) const {
   EXPECT_EQ(STATE_CONNECTED, state_);
   EXPECT_EQ(type, csinfo_.keaType);
+  EXPECT_EQ(kea_size, info_.keaKeyBits);
+}
 
+void TlsAgent::CheckKEA(SSLKEAType type) const {
   PRUint32 ecKEAKeyBits = SSLInt_DetermineKEABits(server_key_bits_,
                                                   csinfo_.authType);
-
   switch (type) {
-      case ssl_kea_ecdh:
-          EXPECT_EQ(ecKEAKeyBits, info_.keaKeyBits);
-          break;
-      case ssl_kea_dh:
-          EXPECT_EQ(2048U, info_.keaKeyBits);
-          break;
-      case ssl_kea_rsa:
-          EXPECT_EQ(server_key_bits_, info_.keaKeyBits);
-          break;
-      default:
-          break;
+    case ssl_kea_ecdh:
+      CheckKEA(type, ecKEAKeyBits);
+      break;
+    case ssl_kea_dh:
+      CheckKEA(type, 2048);
+      break;
+    case ssl_kea_rsa:
+      CheckKEA(type, server_key_bits_);
+      break;
+    default:
+      EXPECT_TRUE(false) << "Unknown KEA type";
+      break;
   }
 }
 
 void TlsAgent::CheckAuthType(SSLAuthType type) const {
   EXPECT_EQ(STATE_CONNECTED, state_);
   EXPECT_EQ(type, csinfo_.authType);
   EXPECT_EQ(server_key_bits_, info_.authKeyBits);
 
--- a/security/nss/external_tests/ssl_gtest/tls_agent.h
+++ b/security/nss/external_tests/ssl_gtest/tls_agent.h
@@ -74,17 +74,18 @@ class TlsAgent : public PollTarget {
   void SetPeer(TlsAgent* peer) { adapter_->SetPeer(peer->adapter_); }
 
   void SetPacketFilter(PacketFilter* filter) {
     adapter_->SetPacketFilter(filter);
   }
 
 
   void StartConnect(PRFileDesc *model = nullptr);
-  void CheckKEAType(SSLKEAType type) const;
+  void CheckKEA(SSLKEAType type) const;
+  void CheckKEA(SSLKEAType type, size_t kea_size) const;
   void CheckAuthType(SSLAuthType type) const;
 
   void DisableAllCiphers();
   void EnableCiphersByAuthType(SSLAuthType authType);
   void EnableCiphersByKeyExchange(SSLKEAType kea);
   void EnableSingleCipher(uint16_t cipher);
 
   void Handshake();
--- a/security/nss/external_tests/ssl_gtest/tls_connect.cc
+++ b/security/nss/external_tests/ssl_gtest/tls_connect.cc
@@ -278,22 +278,28 @@ void TlsConnectTestBase::CheckConnected(
 
   CheckExtendedMasterSecret();
   CheckEarlyDataAccepted();
   CheckResumption(expected_resumption_mode_);
   client_->CheckSecretsDestroyed();
   server_->CheckSecretsDestroyed();
 }
 
-void TlsConnectTestBase::CheckKeys(SSLKEAType keaType,
-                                   SSLAuthType authType) const {
-  client_->CheckKEAType(keaType);
-  server_->CheckKEAType(keaType);
-  client_->CheckAuthType(authType);
-  server_->CheckAuthType(authType);
+void TlsConnectTestBase::CheckKeys(SSLKEAType kea_type,
+                                   SSLAuthType auth_type,
+                                   size_t kea_size) const {
+  if (kea_size) {
+    client_->CheckKEA(kea_type, kea_size);
+    server_->CheckKEA(kea_type, kea_size);
+  } else {
+    client_->CheckKEA(kea_type);
+    server_->CheckKEA(kea_type);
+  }
+  client_->CheckAuthType(auth_type);
+  server_->CheckAuthType(auth_type);
 }
 
 void TlsConnectTestBase::ConnectExpectFail() {
   server_->StartConnect();
   client_->StartConnect();
   Handshake();
   ASSERT_EQ(TlsAgent::STATE_ERROR, client_->state());
   ASSERT_EQ(TlsAgent::STATE_ERROR, server_->state());
--- a/security/nss/external_tests/ssl_gtest/tls_connect.h
+++ b/security/nss/external_tests/ssl_gtest/tls_connect.h
@@ -63,17 +63,18 @@ class TlsConnectTestBase : public ::test
   void Handshake();
   // Connect and check that it works.
   void Connect();
   // Check that the connection was successfully established.
   void CheckConnected();
   // Connect and expect it to fail.
   void ConnectExpectFail();
   void ConnectWithCipherSuite(uint16_t cipher_suite);
-  void CheckKeys(SSLKEAType akeyType, SSLAuthType authType) const;
+  void CheckKeys(SSLKEAType kea_type, SSLAuthType auth_type,
+                 size_t kea_size = 0) const;
 
   void SetExpectedVersion(uint16_t version);
   // Expect resumption of a particular type.
   void ExpectResumption(SessionResumptionMode expected);
   void DisableAllCiphers();
   void EnableOnlyStaticRsaCiphers();
   void EnableOnlyDheCiphers();
   void EnableSomeEcdhCiphers();
--- a/security/nss/lib/ckfw/builtins/certdata.txt
+++ b/security/nss/lib/ckfw/builtins/certdata.txt
@@ -30125,8 +30125,172 @@ END
 CKA_SERIAL_NUMBER MULTILINE_OCTAL
 \002\022\021\040\346\370\114\374\044\260\276\005\100\254\332\203
 \033\064\140\077
 END
 CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
 CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
 CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
+
+#
+# Certificate "ISRG Root X1"
+#
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ISRG Root X1"
+CKA_CERTIFICATE_TYPE CK_CERTIFICATE_TYPE CKC_X_509
+CKA_SUBJECT MULTILINE_OCTAL
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061
+END
+CKA_ID UTF8 "0"
+CKA_ISSUER MULTILINE_OCTAL
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143
+\202\213\000
+END
+CKA_VALUE MULTILINE_OCTAL
+\060\202\005\153\060\202\003\123\240\003\002\001\002\002\021\000
+\202\020\317\260\322\100\343\131\104\143\340\273\143\202\213\000
+\060\015\006\011\052\206\110\206\367\015\001\001\013\005\000\060
+\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061\051
+\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156\145
+\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145\141
+\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003\125
+\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130\061
+\060\036\027\015\061\065\060\066\060\064\061\061\060\064\063\070
+\132\027\015\063\065\060\066\060\064\061\061\060\064\063\070\132
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061\060\202\002\042\060\015\006\011\052\206\110\206\367\015\001
+\001\001\005\000\003\202\002\017\000\060\202\002\012\002\202\002
+\001\000\255\350\044\163\364\024\067\363\233\236\053\127\050\034
+\207\276\334\267\337\070\220\214\156\074\346\127\240\170\367\165
+\302\242\376\365\152\156\366\000\117\050\333\336\150\206\154\104
+\223\266\261\143\375\024\022\153\277\037\322\352\061\233\041\176
+\321\063\074\272\110\365\335\171\337\263\270\377\022\361\041\232
+\113\301\212\206\161\151\112\146\146\154\217\176\074\160\277\255
+\051\042\006\363\344\300\346\200\256\342\113\217\267\231\176\224
+\003\237\323\107\227\174\231\110\043\123\350\070\256\117\012\157
+\203\056\321\111\127\214\200\164\266\332\057\320\070\215\173\003
+\160\041\033\165\362\060\074\372\217\256\335\332\143\253\353\026
+\117\302\216\021\113\176\317\013\350\377\265\167\056\364\262\173
+\112\340\114\022\045\014\160\215\003\051\240\341\123\044\354\023
+\331\356\031\277\020\263\112\214\077\211\243\141\121\336\254\207
+\007\224\364\143\161\354\056\342\157\133\230\201\341\211\134\064
+\171\154\166\357\073\220\142\171\346\333\244\232\057\046\305\320
+\020\341\016\336\331\020\216\026\373\267\367\250\367\307\345\002
+\007\230\217\066\010\225\347\342\067\226\015\066\165\236\373\016
+\162\261\035\233\274\003\371\111\005\330\201\335\005\264\052\326
+\101\351\254\001\166\225\012\017\330\337\325\275\022\037\065\057
+\050\027\154\322\230\301\250\011\144\167\156\107\067\272\316\254
+\131\136\150\235\177\162\326\211\305\006\101\051\076\131\076\335
+\046\365\044\311\021\247\132\243\114\100\037\106\241\231\265\247
+\072\121\156\206\073\236\175\162\247\022\005\170\131\355\076\121
+\170\025\013\003\217\215\320\057\005\262\076\173\112\034\113\163
+\005\022\374\306\352\340\120\023\174\103\223\164\263\312\164\347
+\216\037\001\010\320\060\324\133\161\066\264\007\272\301\060\060
+\134\110\267\202\073\230\246\175\140\212\242\243\051\202\314\272
+\275\203\004\033\242\203\003\101\241\326\005\361\033\302\266\360
+\250\174\206\073\106\250\110\052\210\334\166\232\166\277\037\152
+\245\075\031\217\353\070\363\144\336\310\053\015\012\050\377\367
+\333\342\025\102\324\042\320\047\135\341\171\376\030\347\160\210
+\255\116\346\331\213\072\306\335\047\121\156\377\274\144\365\063
+\103\117\002\003\001\000\001\243\102\060\100\060\016\006\003\125
+\035\017\001\001\377\004\004\003\002\001\006\060\017\006\003\125
+\035\023\001\001\377\004\005\060\003\001\001\377\060\035\006\003
+\125\035\016\004\026\004\024\171\264\131\346\173\266\345\344\001
+\163\200\010\210\310\032\130\366\351\233\156\060\015\006\011\052
+\206\110\206\367\015\001\001\013\005\000\003\202\002\001\000\125
+\037\130\251\274\262\250\120\320\014\261\330\032\151\040\047\051
+\010\254\141\165\134\212\156\370\202\345\151\057\325\366\126\113
+\271\270\163\020\131\323\041\227\176\347\114\161\373\262\322\140
+\255\071\250\013\352\027\041\126\205\361\120\016\131\353\316\340
+\131\351\272\311\025\357\206\235\217\204\200\366\344\351\221\220
+\334\027\233\142\033\105\360\146\225\322\174\157\302\352\073\357
+\037\317\313\326\256\047\361\251\260\310\256\375\175\176\232\372
+\042\004\353\377\331\177\352\221\053\042\261\027\016\217\362\212
+\064\133\130\330\374\001\311\124\271\270\046\314\212\210\063\211
+\114\055\204\074\202\337\356\226\127\005\272\054\273\367\304\267
+\307\116\073\202\276\061\310\042\163\163\222\321\302\200\244\071
+\071\020\063\043\202\114\074\237\206\262\125\230\035\276\051\206
+\214\042\233\236\342\153\073\127\072\202\160\115\334\011\307\211
+\313\012\007\115\154\350\135\216\311\357\316\253\307\273\265\053
+\116\105\326\112\320\046\314\345\162\312\010\152\245\225\343\025
+\241\367\244\355\311\054\137\245\373\377\254\050\002\056\276\327
+\173\273\343\161\173\220\026\323\007\136\106\123\174\067\007\102
+\214\323\304\226\234\325\231\265\052\340\225\032\200\110\256\114
+\071\007\316\314\107\244\122\225\053\272\270\373\255\322\063\123
+\175\345\035\115\155\325\241\261\307\102\157\346\100\047\065\134
+\243\050\267\007\215\347\215\063\220\347\043\237\373\120\234\171
+\154\106\325\264\025\263\226\156\176\233\014\226\072\270\122\055
+\077\326\133\341\373\010\302\204\376\044\250\243\211\332\254\152
+\341\030\052\261\250\103\141\133\323\037\334\073\215\166\362\055
+\350\215\165\337\027\063\154\075\123\373\173\313\101\137\377\334
+\242\320\141\070\341\226\270\254\135\213\067\327\165\325\063\300
+\231\021\256\235\101\301\162\165\204\276\002\101\102\137\147\044
+\110\224\321\233\047\276\007\077\271\270\117\201\164\121\341\172
+\267\355\235\043\342\276\340\325\050\004\023\074\061\003\236\335
+\172\154\217\306\007\030\306\177\336\107\216\077\050\236\004\006
+\317\245\124\064\167\275\354\211\233\351\027\103\337\133\333\137
+\376\216\036\127\242\315\100\235\176\142\042\332\336\030\047
+END
+
+# Trust for "ISRG Root X1"
+# Issuer: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Serial Number:00:82:10:cf:b0:d2:40:e3:59:44:63:e0:bb:63:82:8b:00
+# Subject: CN=ISRG Root X1,O=Internet Security Research Group,C=US
+# Not Valid Before: Thu Jun 04 11:04:38 2015
+# Not Valid After : Mon Jun 04 11:04:38 2035
+# Fingerprint (SHA-256): 96:BC:EC:06:26:49:76:F3:74:60:77:9A:CF:28:C5:A7:CF:E8:A3:C0:AA:E1:1A:8F:FC:EE:05:C0:BD:DF:08:C6
+# Fingerprint (SHA1): CA:BD:2A:79:A1:07:6A:31:F2:1D:25:36:35:CB:03:9D:43:29:A5:E8
+CKA_CLASS CK_OBJECT_CLASS CKO_NSS_TRUST
+CKA_TOKEN CK_BBOOL CK_TRUE
+CKA_PRIVATE CK_BBOOL CK_FALSE
+CKA_MODIFIABLE CK_BBOOL CK_FALSE
+CKA_LABEL UTF8 "ISRG Root X1"
+CKA_CERT_SHA1_HASH MULTILINE_OCTAL
+\312\275\052\171\241\007\152\061\362\035\045\066\065\313\003\235
+\103\051\245\350
+END
+CKA_CERT_MD5_HASH MULTILINE_OCTAL
+\014\322\371\340\332\027\163\351\355\206\115\245\343\160\347\116
+END
+CKA_ISSUER MULTILINE_OCTAL
+\060\117\061\013\060\011\006\003\125\004\006\023\002\125\123\061
+\051\060\047\006\003\125\004\012\023\040\111\156\164\145\162\156
+\145\164\040\123\145\143\165\162\151\164\171\040\122\145\163\145
+\141\162\143\150\040\107\162\157\165\160\061\025\060\023\006\003
+\125\004\003\023\014\111\123\122\107\040\122\157\157\164\040\130
+\061
+END
+CKA_SERIAL_NUMBER MULTILINE_OCTAL
+\002\021\000\202\020\317\260\322\100\343\131\104\143\340\273\143
+\202\213\000
+END
+CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR
+CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST
+CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
--- a/security/nss/lib/ckfw/builtins/nssckbi.h
+++ b/security/nss/lib/ckfw/builtins/nssckbi.h
@@ -40,18 +40,18 @@
  *     ...
  *   - NSS 3.29 branch: 250-255
  *
  * NSS_BUILTINS_LIBRARY_VERSION_MINOR is a CK_BYTE.  It's not clear
  * whether we may use its full range (0-255) or only 0-99 because
  * of the comment in the CK_VERSION type definition.
  */
 #define NSS_BUILTINS_LIBRARY_VERSION_MAJOR 2
-#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 8
-#define NSS_BUILTINS_LIBRARY_VERSION "2.8"
+#define NSS_BUILTINS_LIBRARY_VERSION_MINOR 9
+#define NSS_BUILTINS_LIBRARY_VERSION "2.9"
 
 /* These version numbers detail the semantic changes to the ckfw engine. */
 #define NSS_BUILTINS_HARDWARE_VERSION_MAJOR 1
 #define NSS_BUILTINS_HARDWARE_VERSION_MINOR 0
 
 /* These version numbers detail the semantic changes to ckbi itself
  * (new PKCS #11 objects), etc. */
 #define NSS_BUILTINS_FIRMWARE_VERSION_MAJOR 1
--- a/security/nss/lib/ssl/sslimpl.h
+++ b/security/nss/lib/ssl/sslimpl.h
@@ -1080,16 +1080,17 @@ struct ssl3StateStr {
     PRUint16 mtu; /* Our estimate of the MTU */
 
     /* DTLS-SRTP cipher suite preferences (if any) */
     PRUint16 dtlsSRTPCiphers[MAX_DTLS_SRTP_CIPHER_SUITES];
     PRUint16 dtlsSRTPCipherCount;
     PRUint16 dtlsSRTPCipherSuite; /* 0 if not selected */
     PRBool fatalAlertSent;
     PRBool dheWeakGroupEnabled; /* used by server */
+    const namedGroupDef *dhePreferredGroup;
 
     /* TLS 1.2 introduces separate signature algorithm negotiation.
      * This is our preference order. */
     SSLSignatureAndHashAlg signatureAlgorithms[MAX_SIGNATURE_ALGORITHMS];
     unsigned int signatureAlgorithmCount;
 
     /* The version to check if we fell back from our highest version
      * of TLS. Default is 0 in which case we check against the maximum
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -1521,16 +1521,17 @@ SSL_DHEGroupPrefSet(PRFileDesc *fd,
     }
 
     supportedGroups = ss->namedGroups;
     for (i = 0; i < ssl_named_group_count; ++i) {
         if (ssl_named_groups[i].type == group_type_ff) {
             supportedGroups &= ~(1U << ssl_named_groups[i].index);
         }
     }
+    ss->ssl3.dhePreferredGroup = NULL;
     for (i = 0; i < count; ++i) {
         NamedGroup name;
         const namedGroupDef *groupDef;
         switch (list[i]) {
             case ssl_ff_dhe_2048_group:
                 name = ffdhe_2048;
                 break;
             case ssl_ff_dhe_3072_group:
@@ -1546,16 +1547,19 @@ SSL_DHEGroupPrefSet(PRFileDesc *fd,
                 name = ffdhe_8192;
                 break;
             default:
                 PORT_SetError(SEC_ERROR_INVALID_ARGS);
                 return SECFailure;
         }
         groupDef = ssl_LookupNamedGroup(name);
         PORT_Assert(groupDef);
+        if (!ss->ssl3.dhePreferredGroup) {
+            ss->ssl3.dhePreferredGroup = groupDef;
+        }
         supportedGroups |= (1U << groupDef->index);
     }
     ss->namedGroups = supportedGroups;
     return SECSuccess;
 }
 
 PRCallOnceType gWeakDHParamsRegisterOnce;
 int gWeakDHParamsRegisterError;
@@ -1790,16 +1794,22 @@ ssl_SelectDHEParams(sslSocket *ss,
     if (ss->ssl3.dheWeakGroupEnabled &&
         ss->version < SSL_LIBRARY_VERSION_TLS_1_3 &&
         !ss->ssl3.hs.peerSupportsFfdheGroups) {
         PORT_Assert(gWeakDHParams);
         *groupDef = &weak_group_def;
         *params = gWeakDHParams;
         return SECSuccess;
     }
+    if (ss->ssl3.dhePreferredGroup &&
+        ssl_NamedGroupEnabled(ss, ss->ssl3.dhePreferredGroup)) {
+        *groupDef = ss->ssl3.dhePreferredGroup;
+        *params = ssl_GetDHEParams(ss->ssl3.dhePreferredGroup);
+        return SECSuccess;
+    }
     for (i = 0; i < ssl_named_group_count; ++i) {
         if (ssl_named_groups[i].type == group_type_ff &&
             ssl_NamedGroupEnabled(ss, &ssl_named_groups[i])) {
             *groupDef = &ssl_named_groups[i];
             *params = ssl_GetDHEParams(&ssl_named_groups[i]);
             return SECSuccess;
         }
     }