Bug 1061273 - Follow-up: Fix cipher suites for Sync 1.1. r=nalexander, a=lizzard
authorRichard Newman <rnewman@mozilla.com>
Fri, 05 Jun 2015 15:50:45 -0700
changeset 266225 dd38d3ccbacd
parent 266224 b36c17437332
child 266226 8de5d18494ab
push id4792
push userryanvm@gmail.com
push date2015-06-10 20:30 +0000
treeherdermozilla-beta@f137fedd1455 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersnalexander, lizzard
bugs1061273
milestone39.0
Bug 1061273 - Follow-up: Fix cipher suites for Sync 1.1. r=nalexander, a=lizzard The suites used for 20+ didn't intersect with the supported suites on the ZLBs. We now use the same suites across all versions, and they intersect.
mobile/android/base/background/common/GlobalConstants.java
--- a/mobile/android/base/background/common/GlobalConstants.java
+++ b/mobile/android/base/background/common/GlobalConstants.java
@@ -65,39 +65,46 @@ public class GlobalConstants {
           {
            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",   // 20+
            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",     // 20+
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",     // 20+
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",        // 11+
            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",     // 20+
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",     // 20+
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",        // 11+
+           
+           // For Sync 1.1.
+           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  // 9+
+           "TLS_RSA_WITH_AES_128_CBC_SHA",      // 9+
           };
     } else if (Versions.feature11Plus) {
       DEFAULT_CIPHER_SUITES = new String[]
           {
            "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",        // 11+
            "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA",      // 11+
            "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",        // 11+
-           "TLS_RSA_WITH_AES_256_CBC_SHA",              // 9+
+           
+           // For Sync 1.1.
+           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  // 9+
+           "TLS_RSA_WITH_AES_128_CBC_SHA",      // 9+
           };
     } else {       // 9+
       // Fall back to the only half-decent cipher suites supported on Gingerbread.
       // N.B., there appears to be *no overlap* between the ELB 2015-05 default
       // suites and Gingerbread. A custom configuration is needed if moving beyond
       // the 2015-03 defaults.
       DEFAULT_CIPHER_SUITES = new String[]
           {
            // This is for Sync 1.5 on ELB 2015-03.
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
 
            // This is for Sync 1.1.
-           "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",          // 9+
-           "TLS_RSA_WITH_AES_256_CBC_SHA",              // 9+
+           "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",  // 9+
+           "TLS_RSA_WITH_AES_128_CBC_SHA",      // 9+
           };
     }
 
     if (Versions.feature16Plus) {
       DEFAULT_PROTOCOLS = new String[]
           {
            "TLSv1.2",
            "TLSv1.1",