Bug 1310061 - Avoid interop issues with SHA384. r=mt, a=ritu
authorNils Ohlmeier [:drno] <drno@ohlmeier.org>
Fri, 14 Oct 2016 11:49:32 -0700
changeset 358448 47b221aee73a3db561df68622c14b1008123656c
parent 358447 188c28fdb1aadfbed95a18811eb1476fb50ff3db
child 358449 ad173f0c74519558ac3265597f18f5f3f5547766
push id1324
push usermtabara@mozilla.com
push dateMon, 16 Jan 2017 13:07:44 +0000
treeherdermozilla-release@a01c49833940 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersmt, ritu
bugs1310061
milestone51.0a2
Bug 1310061 - Avoid interop issues with SHA384. r=mt, a=ritu MozReview-Commit-ID: 67cJdDWCMAs
media/mtransport/transportlayerdtls.cpp
--- a/media/mtransport/transportlayerdtls.cpp
+++ b/media/mtransport/transportlayerdtls.cpp
@@ -667,16 +667,24 @@ static const uint32_t EnabledCiphers[] =
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
 };
 
 // Disable all NSS suites modes without PFS or with old and rusty ciphersuites.
 // Anything outside this list is governed by the usual combination of policy
 // and user preferences.
 static const uint32_t DisabledCiphers[] = {
+  // Bug 1310061: disable all SHA384 ciphers until fixed
+  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,
+  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,
+  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_DHE_DSS_WITH_AES_256_GCM_SHA384,
+
   TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
   TLS_ECDHE_RSA_WITH_RC4_128_SHA,
 
   TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
   TLS_DHE_DSS_WITH_RC4_128_SHA,