Bug 1310061: avoid interop issues with SHA384. r=mt
authorNils Ohlmeier [:drno] <drno@ohlmeier.org>
Fri, 14 Oct 2016 11:49:32 -0700
changeset 361014 60695923e60db47f2abc48eaf1c31c0c666c5cf9
parent 361013 d1df9be64050db7840966551eb3e1e762d3a632e
child 361015 740ac30f5bb2da280611976d36aeced3a74c8f14
push id6795
push userjlund@mozilla.com
push dateMon, 23 Jan 2017 14:19:46 +0000
treeherdermozilla-beta@76101b503191 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmt
bugs1310061
milestone52.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1310061: avoid interop issues with SHA384. r=mt MozReview-Commit-ID: 67cJdDWCMAs
media/mtransport/transportlayerdtls.cpp
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -683,16 +683,25 @@ static const uint32_t EnabledCiphers[] =
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 };
 
 // Disable all NSS suites modes without PFS or with old and rusty ciphersuites.
 // Anything outside this list is governed by the usual combination of policy
 // and user preferences.
 static const uint32_t DisabledCiphers[] = {
+  // Bug 1310061: disable all SHA384 ciphers until fixed
+  TLS_AES_256_GCM_SHA384,
+  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+
   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
   TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
   TLS_DHE_DSS_WITH_RC4_128_SHA,