Bug 1310061: avoid interop issues with SHA384. r=mt, a=ritu
☠☠ backed out by 28693367b106 ☠ ☠
authorNils Ohlmeier [:drno] <drno@ohlmeier.org>
Fri, 14 Oct 2016 11:49:32 -0700
changeset 356201 c152fb1bc58813c7c88ae26be43c308b5c330544
parent 356200 66d78c1bcadcb7bbfc8f5f5158ad32a750ecf21c
child 356202 d8b1f7bfc29e21a017216254c335714ef4c2b45c
push id6570
push userraliiev@mozilla.com
push dateMon, 14 Nov 2016 12:26:13 +0000
treeherdermozilla-beta@f455459b2ae5 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmt, ritu
bugs1310061
milestone51.0a2
Bug 1310061: avoid interop issues with SHA384. r=mt, a=ritu MozReview-Commit-ID: 67cJdDWCMAs
media/mtransport/transportlayerdtls.cpp
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -667,16 +667,25 @@ static const uint32_t EnabledCiphers[] =
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 };
 
 // Disable all NSS suites modes without PFS or with old and rusty ciphersuites.
 // Anything outside this list is governed by the usual combination of policy
 // and user preferences.
 static const uint32_t DisabledCiphers[] = {
+  // Bug 1310061: disable all SHA384 ciphers until fixed
+  TLS_AES_256_GCM_SHA384,
+  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+
   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
   TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
   TLS_DHE_DSS_WITH_RC4_128_SHA,