diff options
Diffstat (limited to 'chromium/net/third_party/nss/ssl/sslenum.c')
-rw-r--r-- | chromium/net/third_party/nss/ssl/sslenum.c | 125 |
1 files changed, 67 insertions, 58 deletions
diff --git a/chromium/net/third_party/nss/ssl/sslenum.c b/chromium/net/third_party/nss/ssl/sslenum.c index fc6b85423b1..d601207f789 100644 --- a/chromium/net/third_party/nss/ssl/sslenum.c +++ b/chromium/net/third_party/nss/ssl/sslenum.c @@ -10,16 +10,6 @@ #include "sslproto.h" /* - * The ciphers are listed in the following order: - * - stronger ciphers before weaker ciphers - * - national ciphers before international ciphers - * - faster ciphers before slower ciphers - * - * National ciphers such as Camellia are listed before international ciphers - * such as AES and RC4 to allow servers that prefer Camellia to negotiate - * Camellia without having to disable AES and RC4, which are needed for - * interoperability with clients that don't yet implement Camellia. - * * The ordering of cipher suites in this table must match the ordering in * the cipherSuites table in ssl3con.c. * @@ -27,77 +17,96 @@ * in ssl3ecc.c. * * Finally, update the ssl_V3_SUITES_IMPLEMENTED macro in sslimpl.h. + * + * The ordering is as follows: + * * No-encryption cipher suites last + * * Export/weak/obsolete cipher suites before no-encryption cipher suites + * * Order by key exchange algorithm: ECDHE, then DHE, then ECDH, RSA. + * * Within key agreement sections, order by symmetric encryption algorithm: + * AES-128, then Camellia-128, then AES-256, then Camellia-256, then SEED, + * then FIPS-3DES, then 3DES, then RC4. AES is commonly accepted as a + * strong cipher internationally, and is often hardware-accelerated. + * Camellia also has wide international support across standards + * organizations. SEED is only recommended by the Korean government. 3DES + * only provides 112 bits of security. RC4 is now deprecated or forbidden + * by many standards organizations. + * * Within symmetric algorithm sections, order by message authentication + * algorithm: GCM, then HMAC-SHA1, then HMAC-SHA256, then HMAC-MD5. + * * Within message authentication algorithm sections, order by asymmetric + * signature algorithm: ECDSA, then RSA, then DSS. + * + * Exception: Because some servers ignore the high-order byte of the cipher + * suite ID, we must be careful about adding cipher suites with IDs larger + * than 0x00ff; see bug 946147. For these broken servers, the first six cipher + * suites, with the MSB zeroed, look like: + * TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA { 0x00,0x14 } + * TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA { 0x00,0x13 } + * TLS_KRB5_EXPORT_WITH_RC4_40_MD5 { 0x00,0x2B } + * TLS_RSA_WITH_AES_128_CBC_SHA { 0x00,0x2F } + * TLS_RSA_WITH_3DES_EDE_CBC_SHA { 0x00,0x0A } + * TLS_RSA_WITH_DES_CBC_SHA { 0x00,0x09 } + * The broken server only supports the fifth and sixth ones and will select + * the fifth one. */ const PRUint16 SSL_ImplementedCiphers[] = { - /* AES-GCM */ #ifdef NSS_ENABLE_ECC TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, -#endif /* NSS_ENABLE_ECC */ - TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, - TLS_RSA_WITH_AES_128_GCM_SHA256, - - /* 256-bit */ -#ifdef NSS_ENABLE_ECC + /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA must appear before + * TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA to work around bug 946147. + */ TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, -#endif /* NSS_ENABLE_ECC */ - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA, - TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, - TLS_DHE_DSS_WITH_AES_256_CBC_SHA, -#ifdef NSS_ENABLE_ECC - TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, - TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, -#endif /* NSS_ENABLE_ECC */ - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA, - TLS_RSA_WITH_AES_256_CBC_SHA256, - - /* 128-bit */ -#ifdef NSS_ENABLE_ECC - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, - TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, + TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, + TLS_ECDHE_RSA_WITH_RC4_128_SHA, #endif /* NSS_ENABLE_ECC */ + + TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA, + TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA, TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA, + TLS_DHE_DSS_WITH_AES_256_CBC_SHA, + TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, + TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_DHE_DSS_WITH_CAMELLIA_256_CBC_SHA, + SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_DHE_DSS_WITH_RC4_128_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA, - TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, - TLS_DHE_DSS_WITH_AES_128_CBC_SHA, + #ifdef NSS_ENABLE_ECC - TLS_ECDH_RSA_WITH_RC4_128_SHA, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, + TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, + TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, - TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, + TLS_ECDH_RSA_WITH_RC4_128_SHA, #endif /* NSS_ENABLE_ECC */ - TLS_RSA_WITH_SEED_CBC_SHA, - TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, - SSL_RSA_WITH_RC4_128_SHA, - SSL_RSA_WITH_RC4_128_MD5, + + TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, - - /* 112-bit 3DES */ -#ifdef NSS_ENABLE_ECC - TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, -#endif /* NSS_ENABLE_ECC */ - SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, - SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, -#ifdef NSS_ENABLE_ECC - TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, - TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, -#endif /* NSS_ENABLE_ECC */ + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA, + TLS_RSA_WITH_AES_256_CBC_SHA256, + TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, + TLS_RSA_WITH_SEED_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, + SSL_RSA_WITH_RC4_128_SHA, + SSL_RSA_WITH_RC4_128_MD5, /* 56-bit DES "domestic" cipher suites */ SSL_DHE_RSA_WITH_DES_CBC_SHA, |