changes/ff28_ciphers 0 → 100644 +6 −0 o Minor features (performance, compatibility): - Update the list of TLS cipehrsuites that a client advertises to match those advertised by Firefox 28. This enables selection of (fast) GCM ciphersuites, disables some strange old ciphers, and disables the ECDH (not to be confused with ECDHE) ciphersuites. Resolves ticket 11438. src/common/ciphers.inc +54 −115
@@ -4,86 +4,51 @@ * * This file was automatically generated by get_mozilla_ciphers.py. */ #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA CIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #else XCIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0087, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) #else XCIPHER(0x0087, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA) XCIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 CIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256) #else XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) XCIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256) #endif #ifdef TLS1_TXT_DHE_DSS_WITH_AES_256_SHA CIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) XCIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA CIPHER(0xc00f, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA CIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc00f, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA) XCIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #endif #ifdef 
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA CIPHER(0xc005, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA CIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc005, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA) XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA CIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_AES_256_SHA CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA CIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #else XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #endif #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA CIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) #else XCIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA CIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA CIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) #else XCIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA CIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0044, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0x0044, 
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) #else
@@ -94,89 +59,63 @@ #else XCIPHER(0x0032, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA CIPHER(0xc00c, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA) #else XCIPHER(0xc00c, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA CIPHER(0xc00e, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc00e, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA CIPHER(0xc002, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA) #else XCIPHER(0xc002, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA CIPHER(0xc004, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA) #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0xc004, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA) XCIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_SEED_SHA CIPHER(0x0096, TLS1_TXT_RSA_WITH_SEED_SHA) #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #else XCIPHER(0x0096, TLS1_TXT_RSA_WITH_SEED_SHA) XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) #ifdef TLS1_TXT_DHE_DSS_WITH_AES_256_SHA CIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) #else XCIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) XCIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) #endif #ifdef SSL3_TXT_RSA_RC4_128_MD5 CIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #else XCIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) XCIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #endif #ifdef SSL3_TXT_RSA_RC4_128_SHA CIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) #ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) #else XCIPHER(0x0005, 
SSL3_TXT_RSA_RC4_128_SHA) XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_AES_128_SHA CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) #else XCIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) #endif #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA CIPHER(0xc008, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA) #else XCIPHER(0xc008, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA CIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #else XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #endif #ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) XCIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA CIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) #ifdef TLS1_TXT_RSA_WITH_AES_256_SHA CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #else XCIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA CIPHER(0xc00d, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA) #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) #else XCIPHER(0xc00d, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA) XCIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) #endif #ifdef TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA CIPHER(0xc003, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA) #ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #else XCIPHER(0xc003, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA) XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #endif /* No openssl macro found for 0xfeff */ #ifdef SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA CIPHER(0xfeff, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA) #ifdef SSL3_TXT_RSA_RC4_128_SHA 
CIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) #else XCIPHER(0xfeff, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA) XCIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) #endif #ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #ifdef SSL3_TXT_RSA_RC4_128_MD5 CIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) #else XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) XCIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) #endif src/common/get_mozilla_ciphers.py +24 −6 Original line number Diff line number Diff line Loading @@ -41,12 +41,12 @@ fileA = open(ff('security/manager/ssl/src/nsNSSComponent.cpp'),'r') inCipherSection = False cipherLines = [] for line in fileA: if line.startswith('static CipherPref CipherPrefs'): if line.startswith('static const CipherPref sCipherPrefs[]'): # Get the starting boundary of the Cipher Preferences inCipherSection = True elif inCipherSection: line = line.strip() if line.startswith('{NULL, 0}'): if line.startswith('{ nullptr, 0}'): # At the ending boundary of the Cipher Prefs break else: Loading @@ -56,10 +56,28 @@ fileA.close() # Parse the lines and put them into a dict ciphers = {} cipher_pref = {} key_pending = None for line in cipherLines: m = re.search(r'^{\s*\"([^\"]+)\",\s*(\S*)\s*}', line) m = re.search(r'^{\s*\"([^\"]+)\",\s*(\S+)\s*(?:,\s*(true|false))?\s*}', line) if m: key,value = m.groups() assert not key_pending key,value,enabled = m.groups() if enabled == 'true': ciphers[key] = value cipher_pref[value] = key continue m = re.search(r'^{\s*\"([^\"]+)\",', line) if m: assert not key_pending key_pending = m.group(1) continue m = re.search(r'^\s*(\S+)(?:,\s*(true|false))?\s*}', line) if m: assert key_pending key = key_pending value,enabled = m.groups() key_pending = None if enabled == 'true': ciphers[key] = value cipher_pref[value] = key Loading Loading
changes/ff28_ciphers 0 → 100644 +6 −0 o Minor features (performance, compatibility): - Update the list of TLS cipehrsuites that a client advertises to match those advertised by Firefox 28. This enables selection of (fast) GCM ciphersuites, disables some strange old ciphers, and disables the ECDH (not to be confused with ECDHE) ciphersuites. Resolves ticket 11438.
src/common/ciphers.inc +54 −115
@@ -4,86 +4,51 @@ * * This file was automatically generated by get_mozilla_ciphers.py. */ #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA CIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #else XCIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0087, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 CIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) #else XCIPHER(0x0087, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA) XCIPHER(0xc02b, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 CIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256) #else XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) XCIPHER(0xc02f, TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256) #endif #ifdef TLS1_TXT_DHE_DSS_WITH_AES_256_SHA CIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA CIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) XCIPHER(0xc00a, TLS1_TXT_ECDHE_ECDSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA CIPHER(0xc00f, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA CIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc00f, TLS1_TXT_ECDH_RSA_WITH_AES_256_CBC_SHA) XCIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #endif #ifdef 
TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA CIPHER(0xc005, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA CIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc005, TLS1_TXT_ECDH_ECDSA_WITH_AES_256_CBC_SHA) XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA CIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #else XCIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) XCIPHER(0xc014, TLS1_TXT_ECDHE_RSA_WITH_AES_256_CBC_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_AES_256_SHA CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA CIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #else XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #endif #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA CIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) #else XCIPHER(0xc007, TLS1_TXT_ECDHE_ECDSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA CIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc009, TLS1_TXT_ECDHE_ECDSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA CIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) #else XCIPHER(0xc011, TLS1_TXT_ECDHE_RSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA CIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc013, TLS1_TXT_ECDHE_RSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0044, TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0x0044, 
TLS1_TXT_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef TLS1_TXT_DHE_RSA_WITH_AES_128_SHA CIPHER(0x0033, TLS1_TXT_DHE_RSA_WITH_AES_128_SHA) #else
@@ -94,89 +59,63 @@ #else XCIPHER(0x0032, TLS1_TXT_DHE_DSS_WITH_AES_128_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA CIPHER(0xc00c, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA) #else XCIPHER(0xc00c, TLS1_TXT_ECDH_RSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA CIPHER(0xc00e, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA) #else XCIPHER(0xc00e, TLS1_TXT_ECDH_RSA_WITH_AES_128_CBC_SHA) #endif #ifdef TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA CIPHER(0xc002, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA) #else XCIPHER(0xc002, TLS1_TXT_ECDH_ECDSA_WITH_RC4_128_SHA) #endif #ifdef TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA CIPHER(0xc004, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA) #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0xc004, TLS1_TXT_ECDH_ECDSA_WITH_AES_128_CBC_SHA) XCIPHER(0x0045, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_SEED_SHA CIPHER(0x0096, TLS1_TXT_RSA_WITH_SEED_SHA) #ifdef TLS1_TXT_DHE_RSA_WITH_AES_256_SHA CIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #else XCIPHER(0x0096, TLS1_TXT_RSA_WITH_SEED_SHA) XCIPHER(0x0039, TLS1_TXT_DHE_RSA_WITH_AES_256_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) #ifdef TLS1_TXT_DHE_DSS_WITH_AES_256_SHA CIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) #else XCIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) XCIPHER(0x0038, TLS1_TXT_DHE_DSS_WITH_AES_256_SHA) #endif #ifdef SSL3_TXT_RSA_RC4_128_MD5 CIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) #ifdef TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #else XCIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) XCIPHER(0x0088, TLS1_TXT_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA) #endif #ifdef SSL3_TXT_RSA_RC4_128_SHA CIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) #ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) #else XCIPHER(0x0005, 
SSL3_TXT_RSA_RC4_128_SHA) XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) #endif #ifdef TLS1_TXT_RSA_WITH_AES_128_SHA CIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) #else XCIPHER(0x002f, TLS1_TXT_RSA_WITH_AES_128_SHA) #endif #ifdef TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA CIPHER(0xc008, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA) #else XCIPHER(0xc008, TLS1_TXT_ECDHE_ECDSA_WITH_DES_192_CBC3_SHA) #endif #ifdef TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA CIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #else XCIPHER(0xc012, TLS1_TXT_ECDHE_RSA_WITH_DES_192_CBC3_SHA) #endif #ifdef SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA CIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA CIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) #else XCIPHER(0x0016, SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA) XCIPHER(0x0041, TLS1_TXT_RSA_WITH_CAMELLIA_128_CBC_SHA) #endif #ifdef SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA CIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) #ifdef TLS1_TXT_RSA_WITH_AES_256_SHA CIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #else XCIPHER(0x0013, SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA) XCIPHER(0x0035, TLS1_TXT_RSA_WITH_AES_256_SHA) #endif #ifdef TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA CIPHER(0xc00d, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA) #ifdef TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA CIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) #else XCIPHER(0xc00d, TLS1_TXT_ECDH_RSA_WITH_DES_192_CBC3_SHA) XCIPHER(0x0084, TLS1_TXT_RSA_WITH_CAMELLIA_256_CBC_SHA) #endif #ifdef TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA CIPHER(0xc003, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA) #ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #else XCIPHER(0xc003, TLS1_TXT_ECDH_ECDSA_WITH_DES_192_CBC3_SHA) XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #endif /* No openssl macro found for 0xfeff */ #ifdef SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA CIPHER(0xfeff, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA) #ifdef SSL3_TXT_RSA_RC4_128_SHA 
CIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) #else XCIPHER(0xfeff, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA) XCIPHER(0x0005, SSL3_TXT_RSA_RC4_128_SHA) #endif #ifdef SSL3_TXT_RSA_DES_192_CBC3_SHA CIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) #ifdef SSL3_TXT_RSA_RC4_128_MD5 CIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) #else XCIPHER(0x000a, SSL3_TXT_RSA_DES_192_CBC3_SHA) XCIPHER(0x0004, SSL3_TXT_RSA_RC4_128_MD5) #endif
src/common/get_mozilla_ciphers.py +24 −6 Original line number Diff line number Diff line Loading @@ -41,12 +41,12 @@ fileA = open(ff('security/manager/ssl/src/nsNSSComponent.cpp'),'r') inCipherSection = False cipherLines = [] for line in fileA: if line.startswith('static CipherPref CipherPrefs'): if line.startswith('static const CipherPref sCipherPrefs[]'): # Get the starting boundary of the Cipher Preferences inCipherSection = True elif inCipherSection: line = line.strip() if line.startswith('{NULL, 0}'): if line.startswith('{ nullptr, 0}'): # At the ending boundary of the Cipher Prefs break else: Loading @@ -56,10 +56,28 @@ fileA.close() # Parse the lines and put them into a dict ciphers = {} cipher_pref = {} key_pending = None for line in cipherLines: m = re.search(r'^{\s*\"([^\"]+)\",\s*(\S*)\s*}', line) m = re.search(r'^{\s*\"([^\"]+)\",\s*(\S+)\s*(?:,\s*(true|false))?\s*}', line) if m: key,value = m.groups() assert not key_pending key,value,enabled = m.groups() if enabled == 'true': ciphers[key] = value cipher_pref[value] = key continue m = re.search(r'^{\s*\"([^\"]+)\",', line) if m: assert not key_pending key_pending = m.group(1) continue m = re.search(r'^\s*(\S+)(?:,\s*(true|false))?\s*}', line) if m: assert key_pending key = key_pending value,enabled = m.groups() key_pending = None if enabled == 'true': ciphers[key] = value cipher_pref[value] = key Loading
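Review bot: The parsing loop in the second hunk of src/common/get_mozilla_ciphers.py fails silently: a line that matches none of the three patterns is skipped, and an entry with no `true`/`false` field is dropped because `enabled` is then None and never equals `'true'`. The same holds for the hard-coded `sCipherPrefs` start marker in the first hunk, which would presumably leave `cipherLines` empty if the Mozilla source is renamed again. Since the result feeds the generated ciphers.inc, i.e. the ciphersuite list the client advertises, a layout change in nsNSSComponent.cpp would quietly shrink that list instead of stopping the script. After the loop I would add `if key_pending or not ciphers: raise SystemExit("could not parse sCipherPrefs")`, and turn the `assert` checks into explicit raises, because asserts are stripped under `python -O`. The rest of the first loop's body and the code that consumes `ciphers` are collapsed out of the visible hunks, so confirm whether unmatched lines (comments, blanks) are expected before making them fatal.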