bug 1487517 - un-do ciphersuite hiding from bug 1279479 and bug 1316300 r=mt

In bug 1279479 and bug 1316300 we hid some ciphersuites from TLS 1.3
handshakes, assuming we would fall back to TLS 1.2 if the peer needed them.
However, as of bug 1479501, we don't fall back by default, so this just means
we can't negotiate these ciphersuites. This patch un-hides these ciphersuites
from the TLS 1.3 handshake.

Differential Revision: https://phabricator.services.mozilla.com/D4725

--HG--
extra : moz-landing-system : lando

security/manager/ssl/nsNSSComponent.h

@@ -63,10 +63,6 @@ public:
 
   static nsresult GetNewPrompter(nsIPrompt** result);
 
-  // The following two methods are thread-safe.
-  static bool AreAnyWeakCiphersEnabled();
-  static void UseWeakCiphersOnSocket(PRFileDesc* fd);
-
   static void FillTLSVersionRange(SSLVersionRange& rangeOut,
                                   uint32_t minFromPrefs,
                                   uint32_t maxFromPrefs,

security/manager/ssl/nsNSSIOLayer.cpp

@@ -2577,13 +2577,6 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
     }
   }
 
-  if (range.max > SSL_LIBRARY_VERSION_TLS_1_2) {
-    SSL_CipherPrefSet(fd, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, false);
-    SSL_CipherPrefSet(fd, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, false);
-    SSL_CipherPrefSet(fd, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, false);
-    SSL_CipherPrefSet(fd, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, false);
-  }
-
   // Include a modest set of named groups.
   // Please change getKeaGroupName in nsNSSCallbacks.cpp when changing the list
   // here.