mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1130670 - Remove vestigial RC4 fallback backend. r=keeler 

MozReview-Commit-ID: 9YRVgnymndI

--HG--
extra : rebase_source : bdbb2b008336aece4b970cd25d0d283cf63f21d4
extra : intermediate-source : ffebf3ebf9f15223ff4b68efe3c15d9d3427df36
extra : source : 7cace2994af1116a957e13259440ccb9722343d1
This commit is contained in:
Masatoshi Kimura 2016-12-02 22:09:38 +09:00
Родитель cb0fb60d0d
Коммит c483cb248d
14 изменённых файлов: 32 добавлений и 847 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

1
netwerk/base/security-prefs.js
Просмотреть файл

@ -6,7 +6,6 @@ pref("security.tls.version.min", 1);
pref("security.tls.version.max", 4);
pref("security.tls.version.fallback-limit", 3);
pref("security.tls.insecure_fallback_hosts", "");
pref("security.tls.unrestricted_rc4_fallback", false);
pref("security.tls.enable_0rtt_data", false);
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

67
security/manager/ssl/WeakCryptoOverride.cpp
Просмотреть файл

@ -1,67 +0,0 @@
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "WeakCryptoOverride.h"
#include "MainThreadUtils.h"
#include "SharedSSLState.h"
#include "nss.h"
using namespace mozilla;
using namespace mozilla::psm;
NS_IMPL_ISUPPORTS(WeakCryptoOverride,
nsIWeakCryptoOverride)
WeakCryptoOverride::WeakCryptoOverride()
{
}
WeakCryptoOverride::~WeakCryptoOverride()
{
}
NS_IMETHODIMP
WeakCryptoOverride::AddWeakCryptoOverride(const nsACString& aHostName,
bool aPrivate, bool aTemporary)
{
if (!NS_IsMainThread()) {
return NS_ERROR_NOT_SAME_THREAD;
}
SharedSSLState* sharedState = aPrivate ? PrivateSSLState()
: PublicSSLState();
if (!sharedState) {
return NS_ERROR_NOT_AVAILABLE;
}
const nsPromiseFlatCString& host = PromiseFlatCString(aHostName);
sharedState->IOLayerHelpers().addInsecureFallbackSite(host, aTemporary);
return NS_OK;
}
NS_IMETHODIMP
WeakCryptoOverride::RemoveWeakCryptoOverride(const nsACString& aHostName,
int32_t aPort, bool aPrivate)
{
if (!NS_IsMainThread()) {
return NS_ERROR_NOT_SAME_THREAD;
}
SharedSSLState* sharedState = aPrivate ? PrivateSSLState()
: PublicSSLState();
if (!sharedState) {
return NS_ERROR_NOT_AVAILABLE;
}
const nsPromiseFlatCString& host = PromiseFlatCString(aHostName);
sharedState->IOLayerHelpers().removeInsecureFallbackSite(host, aPort);
// Some servers will fail with SSL_ERROR_ILLEGAL_PARAMETER_ALERT
// unless the session cache is cleared.
SSL_ClearSessionCache();
return NS_OK;
}

35
security/manager/ssl/WeakCryptoOverride.h
Просмотреть файл

@ -1,35 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#ifndef WEAKCRYPTOOVERRIDE_H
#define WEAKCRYPTOOVERRIDE_H
#include "nsIWeakCryptoOverride.h"
#include "nsWeakReference.h"
namespace mozilla {
namespace psm {
class WeakCryptoOverride final : public nsIWeakCryptoOverride
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIWEAKCRYPTOOVERRIDE
WeakCryptoOverride();
protected:
~WeakCryptoOverride();
};
} // psm
} // mozilla
#define NS_WEAKCRYPTOOVERRIDE_CID /* ffb06724-3c20-447c-8328-ae71513dd618 */ \
{ 0xffb06724, 0x3c20, 0x447c, \
{ 0x83, 0x28, 0xae, 0x71, 0x51, 0x3d, 0xd6, 0x18 } }
#endif

2
security/manager/ssl/moz.build
Просмотреть файл

@ -39,7 +39,6 @@ XPIDL_SOURCES += [
'nsITokenDialogs.idl',
'nsITokenPasswordDialogs.idl',
'nsIU2FToken.idl',
'nsIWeakCryptoOverride.idl',
'nsIX509Cert.idl',
'nsIX509CertDB.idl',
'nsIX509CertList.idl',
@ -140,7 +139,6 @@ UNIFIED_SOURCES += [
'SharedSSLState.cpp',
'SSLServerCertVerification.cpp',
'TransportSecurityInfo.cpp',
'WeakCryptoOverride.cpp',
]
IPDL_SOURCES += [

45
security/manager/ssl/nsIWeakCryptoOverride.idl
Просмотреть файл

@ -1,45 +0,0 @@
/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*-
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "nsISupports.idl"
%{C++
#define NS_WEAKCRYPTOOVERRIDE_CONTRACTID "@mozilla.org/security/weakcryptooverride;1"
%}
/**
* This represents the fallback whitelist for
* weak crypto servers such as RC4-only.
*/
[scriptable, uuid(27b4d3df-8f15-4eb4-a35f-474e911b61e7)]
interface nsIWeakCryptoOverride : nsISupports {
/**
* Add a weak crypto override for the given hostname.
* Main thread only.
*
* @param aHostName The host (punycode) this mapping belongs to
* @param aPrivate The override info will used for the private browsing
* session and no information will be written to the disk.
* @param aTemporary The override info will not persist between sessions.
* Ignored if aPrivate is true.
*/
void addWeakCryptoOverride(in ACString aHostName,
in boolean aPrivate,
[optional] in boolean aTemporary);
/**
* Remove a weak crypto override for the given hostname:port.
* Main thread only.
*
* @param aHostName The host (punycode) whose entry should be cleared.
* @param aPort The port whose entry should be cleared.
* @param aPrivate The override info will used for the private browsing
* session.
*/
void removeWeakCryptoOverride(in ACString aHostName,
in int32_t aPort,
in boolean aPrivate);
};

23
security/manager/ssl/nsNSSCallbacks.cpp
Просмотреть файл

@ -1054,8 +1054,6 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
case TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: value = 5; break;
case TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: value = 6; break;
case TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: value = 7; break;
case TLS_ECDHE_RSA_WITH_RC4_128_SHA: value = 8; break;
case TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: value = 9; break;
case TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 10; break;
case TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256: value = 11; break;
case TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256: value = 12; break;
@ -1079,8 +1077,6 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
case TLS_ECDH_RSA_WITH_AES_256_CBC_SHA: value = 44; break;
case TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA: value = 45; break;
case TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA: value = 46; break;
case TLS_ECDH_ECDSA_WITH_RC4_128_SHA: value = 47; break;
case TLS_ECDH_RSA_WITH_RC4_128_SHA: value = 48; break;
// RSA key exchange
case TLS_RSA_WITH_AES_128_CBC_SHA: value = 61; break;
case TLS_RSA_WITH_CAMELLIA_128_CBC_SHA: value = 62; break;
@ -1089,8 +1085,6 @@ AccumulateCipherSuite(Telemetry::ID probe, const SSLChannelInfo& channelInfo)
case SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA: value = 65; break;
case TLS_RSA_WITH_3DES_EDE_CBC_SHA: value = 66; break;
case TLS_RSA_WITH_SEED_CBC_SHA: value = 67; break;
case TLS_RSA_WITH_RC4_128_SHA: value = 68; break;
case TLS_RSA_WITH_RC4_128_MD5: value = 69; break;
// TLS 1.3 PSK resumption
case TLS_AES_128_GCM_SHA256: value = 70; break;
case TLS_CHACHA20_POLY1305_SHA256: value = 71; break;
@ -1213,7 +1207,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
infoObject->GetPort(),
versions.max);
bool usesFallbackCipher = false;
SSLChannelInfo channelInfo;
rv = SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo));
MOZ_ASSERT(rv == SECSuccess);
@ -1233,8 +1226,6 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
sizeof cipherInfo);
MOZ_ASSERT(rv == SECSuccess);
if (rv == SECSuccess) {
usesFallbackCipher = channelInfo.keaType == ssl_kea_dh;
// keyExchange null=0, rsa=1, dh=2, fortezza=3, ecdh=4
Telemetry::Accumulate(
infoObject->IsFullHandshake()
@ -1325,14 +1316,12 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
} else {
state = nsIWebProgressListener::STATE_IS_SECURE |
nsIWebProgressListener::STATE_SECURE_HIGH;
if (!usesFallbackCipher) {
SSLVersionRange defVersion;
rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
if (rv == SECSuccess && versions.max >= defVersion.max) {
// we know this site no longer requires a fallback cipher
ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
infoObject->GetPort());
}
SSLVersionRange defVersion;
rv = SSL_VersionRangeGetDefault(ssl_variant_stream, &defVersion);
if (rv == SECSuccess && versions.max >= defVersion.max) {
// we know this site no longer requires a version fallback
ioLayerHelpers.removeInsecureFallbackSite(infoObject->GetHostName(),
infoObject->GetPort());
}
}

56
security/manager/ssl/nsNSSComponent.cpp
Просмотреть файл

@ -1313,7 +1313,6 @@ typedef struct {
const char* pref;
long id;
bool enabledByDefault;
bool weak;
} CipherPref;
// Update the switch statement in AccumulateCipherSuite in nsNSSCallbacks.cpp
@ -1369,31 +1368,6 @@ static const CipherPref sCipherPrefs[] = {
{ nullptr, 0 } // end marker
};
// Bit flags indicating what weak ciphers are enabled.
// The bit index will correspond to the index in sCipherPrefs.
// Wrtten by the main thread, read from any threads.
static Atomic<uint32_t> sEnabledWeakCiphers;
static_assert(MOZ_ARRAY_LENGTH(sCipherPrefs) - 1 <= sizeof(uint32_t) * CHAR_BIT,
"too many cipher suites");
/*static*/ bool
nsNSSComponent::AreAnyWeakCiphersEnabled()
{
return !!sEnabledWeakCiphers;
}
/*static*/ void
nsNSSComponent::UseWeakCiphersOnSocket(PRFileDesc* fd)
{
const uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
const CipherPref* const cp = sCipherPrefs;
for (size_t i = 0; cp[i].pref; ++i) {
if (enabledWeakCiphers & ((uint32_t)1 << i)) {
SSL_CipherPrefSet(fd, cp[i].id, true);
}
}
}
// This function will convert from pref values like 1, 2, ...
// to the internal values of SSL_LIBRARY_VERSION_TLS_1_0,
// SSL_LIBRARY_VERSION_TLS_1_1, ...
@ -1509,22 +1483,8 @@ CipherSuiteChangeObserver::Observe(nsISupports* aSubject,
if (prefName.Equals(cp[i].pref)) {
bool cipherEnabled = Preferences::GetBool(cp[i].pref,
cp[i].enabledByDefault);
if (cp[i].weak) {
// Weak ciphers will not be used by default even if they
// are enabled in prefs. They are only used on specific
// sockets as a part of a fallback mechanism.
// Only the main thread will change sEnabledWeakCiphers.
uint32_t enabledWeakCiphers = sEnabledWeakCiphers;
if (cipherEnabled) {
enabledWeakCiphers |= ((uint32_t)1 << i);
} else {
enabledWeakCiphers &= ~((uint32_t)1 << i);
}
sEnabledWeakCiphers = enabledWeakCiphers;
} else {
SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
SSL_ClearSessionCache();
}
SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
SSL_ClearSessionCache();
break;
}
}
@ -2449,22 +2409,12 @@ InitializeCipherSuite()
}
// Now only set SSL/TLS ciphers we knew about at compile time
uint32_t enabledWeakCiphers = 0;
const CipherPref* const cp = sCipherPrefs;
for (size_t i = 0; cp[i].pref; ++i) {
bool cipherEnabled = Preferences::GetBool(cp[i].pref,
cp[i].enabledByDefault);
if (cp[i].weak) {
// Weak ciphers are not used by default. See the comment
// in CipherSuiteChangeObserver::Observe for details.
if (cipherEnabled) {
enabledWeakCiphers |= ((uint32_t)1 << i);
}
} else {
SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
}
SSL_CipherPrefSetDefault(cp[i].id, cipherEnabled);
}
sEnabledWeakCiphers = enabledWeakCiphers;
// Enable ciphers for PKCS#12
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);

111
security/manager/ssl/nsNSSIOLayer.cpp
Просмотреть файл

@ -757,14 +757,10 @@ nsSSLIOLayerHelpers::rememberTolerantAtVersion(const nsACString& hostName,
entry.intolerant = entry.tolerant + 1;
entry.intoleranceReason = 0; // lose the reason
}
if (entry.strongCipherStatus == StrongCipherStatusUnknown) {
entry.strongCipherStatus = StrongCiphersWorked;
}
} else {
entry.tolerant = tolerant;
entry.intolerant = 0;
entry.intoleranceReason = 0;
entry.strongCipherStatus = StrongCiphersWorked;
}
entry.AssertInvariant();
@ -787,9 +783,6 @@ nsSSLIOLayerHelpers::forgetIntolerance(const nsACString& hostName,
entry.intolerant = 0;
entry.intoleranceReason = 0;
if (entry.strongCipherStatus != StrongCiphersWorked) {
entry.strongCipherStatus = StrongCipherStatusUnknown;
}
entry.AssertInvariant();
mTLSIntoleranceInfo.Put(key, entry);
@ -838,7 +831,6 @@ nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
}
} else {
entry.tolerant = 0;
entry.strongCipherStatus = StrongCipherStatusUnknown;
}
entry.intolerant = intolerant;
@ -849,42 +841,10 @@ nsSSLIOLayerHelpers::rememberIntolerantAtVersion(const nsACString& hostName,
return true;
}
// returns true if we should retry the handshake
bool
nsSSLIOLayerHelpers::rememberStrongCiphersFailed(const nsACString& hostName,
int16_t port,
PRErrorCode intoleranceReason)
{
nsCString key;
getSiteKey(hostName, port, key);
MutexAutoLock lock(mutex);
IntoleranceEntry entry;
if (mTLSIntoleranceInfo.Get(key, &entry)) {
entry.AssertInvariant();
if (entry.strongCipherStatus != StrongCipherStatusUnknown) {
// We already know if the server supports a strong cipher.
return false;
}
} else {
entry.tolerant = 0;
entry.intolerant = 0;
entry.intoleranceReason = intoleranceReason;
}
entry.strongCipherStatus = StrongCiphersFailed;
entry.AssertInvariant();
mTLSIntoleranceInfo.Put(key, entry);
return true;
}
void
nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName,
int16_t port,
/*in/out*/ SSLVersionRange& range,
/*out*/ StrongCipherStatus& strongCipherStatus)
/*in/out*/ SSLVersionRange& range)
{
IntoleranceEntry entry;
@ -907,7 +867,6 @@ nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName,
range.max = entry.intolerant - 1;
}
}
strongCipherStatus = entry.strongCipherStatus;
}
PRErrorCode
@ -1130,28 +1089,6 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
return false;
}
// Disallow PR_CONNECT_RESET_ERROR if fallback limit reached.
bool fallbackLimitReached =
helpers.fallbackLimitReached(socketInfo->GetHostName(), range.max);
if (err == PR_CONNECT_RESET_ERROR && fallbackLimitReached) {
return false;
}
if ((err == SSL_ERROR_NO_CYPHER_OVERLAP || err == PR_END_OF_FILE_ERROR ||
err == PR_CONNECT_RESET_ERROR) &&
nsNSSComponent::AreAnyWeakCiphersEnabled()) {
if (helpers.isInsecureFallbackSite(socketInfo->GetHostName()) ||
helpers.mUnrestrictedRC4Fallback) {
if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
socketInfo->GetPort(), err)) {
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
tlsIntoleranceTelemetryBucket(err));
return true;
}
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
}
}
// When not using a proxy we'll see a connection reset error.
// When using a proxy, we'll see an end of file error.
@ -1355,7 +1292,6 @@ nsSSLIOLayerHelpers::nsSSLIOLayerHelpers()
: mTreatUnsafeNegotiationAsBroken(false)
, mTLSIntoleranceInfo()
, mFalseStartRequireNPN(false)
, mUnrestrictedRC4Fallback(false)
, mVersionFallbackLimit(SSL_LIBRARY_VERSION_TLS_1_0)
, mutex("nsSSLIOLayerHelpers.mutex")
{
@ -1577,9 +1513,6 @@ PrefObserver::Observe(nsISupports* aSubject, const char* aTopic,
if (mOwner->isPublic()) {
mOwner->initInsecureFallbackSites();
}
} else if (prefName.EqualsLiteral("security.tls.unrestricted_rc4_fallback")) {
mOwner->mUnrestrictedRC4Fallback =
Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false);
}
}
return NS_OK;
@ -1616,8 +1549,6 @@ nsSSLIOLayerHelpers::~nsSSLIOLayerHelpers()
"security.tls.version.fallback-limit");
Preferences::RemoveObserver(mPrefObserver,
"security.tls.insecure_fallback_hosts");
Preferences::RemoveObserver(mPrefObserver,
"security.tls.unrestricted_rc4_fallback");
}
}
@ -1675,8 +1606,6 @@ nsSSLIOLayerHelpers::Init()
FALSE_START_REQUIRE_NPN_DEFAULT);
loadVersionFallbackLimit();
initInsecureFallbackSites();
mUnrestrictedRC4Fallback =
Preferences::GetBool("security.tls.unrestricted_rc4_fallback", false);
mPrefObserver = new PrefObserver(this);
Preferences::AddStrongObserver(mPrefObserver,
@ -1687,8 +1616,6 @@ nsSSLIOLayerHelpers::Init()
"security.tls.version.fallback-limit");
Preferences::AddStrongObserver(mPrefObserver,
"security.tls.insecure_fallback_hosts");
Preferences::AddStrongObserver(mPrefObserver,
"security.tls.unrestricted_rc4_fallback");
return NS_OK;
}
@ -1754,30 +1681,6 @@ nsSSLIOLayerHelpers::isPublic() const
return this == &PublicSSLState()->IOLayerHelpers();
}
void
nsSSLIOLayerHelpers::addInsecureFallbackSite(const nsCString& hostname,
bool temporary)
{
MOZ_ASSERT(NS_IsMainThread());
{
MutexAutoLock lock(mutex);
if (mInsecureFallbackSites.Contains(hostname)) {
return;
}
mInsecureFallbackSites.PutEntry(hostname);
}
if (!isPublic() || temporary) {
return;
}
nsCString value;
Preferences::GetCString("security.tls.insecure_fallback_hosts", &value);
if (!value.IsEmpty()) {
value.Append(',');
}
value.Append(hostname);
Preferences::SetCString("security.tls.insecure_fallback_hosts", value);
}
class FallbackPrefRemover final : public Runnable
{
public:
@ -2479,25 +2382,19 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
}
uint16_t maxEnabledVersion = range.max;
StrongCipherStatus strongCiphersStatus = StrongCipherStatusUnknown;
infoObject->SharedState().IOLayerHelpers()
.adjustForTLSIntolerance(infoObject->GetHostName(), infoObject->GetPort(),
range, strongCiphersStatus);
range);
MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
("[%p] nsSSLIOLayerSetOptions: using TLS version range (0x%04x,0x%04x)%s\n",
("[%p] nsSSLIOLayerSetOptions: using TLS version range (0x%04x,0x%04x)\n",
fd, static_cast<unsigned int>(range.min),
static_cast<unsigned int>(range.max),
strongCiphersStatus == StrongCiphersFailed ? " with weak ciphers" : ""));
static_cast<unsigned int>(range.max)));
if (SSL_VersionRangeSet(fd, &range) != SECSuccess) {
return NS_ERROR_FAILURE;
}
infoObject->SetTLSVersionRange(range);
if (strongCiphersStatus == StrongCiphersFailed) {
nsNSSComponent::UseWeakCiphersOnSocket(fd);
}
// when adjustForTLSIntolerance tweaks the maximum version downward,
// we tell the server using this SCSV so they can detect a downgrade attack
if (range.max < maxEnabledVersion) {

14
security/manager/ssl/nsNSSIOLayer.h
Просмотреть файл

@ -161,12 +161,6 @@ private:
nsCOMPtr<nsIX509Cert> mClientCert;
};
enum StrongCipherStatus {
StrongCipherStatusUnknown,
StrongCiphersWorked,
StrongCiphersFailed
};
class nsSSLIOLayerHelpers
{
public:
@ -193,7 +187,6 @@ private:
uint16_t tolerant;
uint16_t intolerant;
PRErrorCode intoleranceReason;
StrongCipherStatus strongCipherStatus;
void AssertInvariant() const
{
@ -212,12 +205,9 @@ public:
bool rememberIntolerantAtVersion(const nsACString& hostname, int16_t port,
uint16_t intolerant, uint16_t minVersion,
PRErrorCode intoleranceReason);
bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port,
PRErrorCode intoleranceReason);
void forgetIntolerance(const nsACString& hostname, int16_t port);
void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
/*in/out*/ SSLVersionRange& range,
/*out*/ StrongCipherStatus& strongCipherStatus);
/*in/out*/ SSLVersionRange& range);
PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port);
void clearStoredData();
@ -225,12 +215,10 @@ public:
void setInsecureFallbackSites(const nsCString& str);
void initInsecureFallbackSites();
bool isPublic() const;
void addInsecureFallbackSite(const nsCString& hostname, bool temporary);
void removeInsecureFallbackSite(const nsACString& hostname, uint16_t port);
bool isInsecureFallbackSite(const nsACString& hostname);
bool mFalseStartRequireNPN;
bool mUnrestrictedRC4Fallback;
uint16_t mVersionFallbackLimit;
private:
mozilla::Mutex mutex;

5
security/manager/ssl/nsNSSModule.cpp
Просмотреть файл

@ -10,7 +10,6 @@
#include "PSMContentListener.h"
#include "SecretDecoderRing.h"
#include "TransportSecurityInfo.h"
#include "WeakCryptoOverride.h"
#include "mozilla/ModuleUtils.h"
#include "nsCURILoader.h"
#include "nsCertOverrideService.h"
@ -219,7 +218,6 @@ NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsCertOverrideService, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(nsSecureBrowserUIImpl)
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(CertBlocklist, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR_INIT(nsSiteSecurityService, Init)
NS_GENERIC_FACTORY_CONSTRUCTOR(WeakCryptoOverride)
NS_DEFINE_NAMED_CID(NS_NSSCOMPONENT_CID);
NS_DEFINE_NAMED_CID(NS_SSLSOCKETPROVIDER_CID);
@ -253,7 +251,6 @@ NS_DEFINE_NAMED_CID(NS_NSSVERSION_CID);
NS_DEFINE_NAMED_CID(NS_SECURE_BROWSER_UI_CID);
NS_DEFINE_NAMED_CID(NS_SITE_SECURITY_SERVICE_CID);
NS_DEFINE_NAMED_CID(NS_CERT_BLOCKLIST_CID);
NS_DEFINE_NAMED_CID(NS_WEAKCRYPTOOVERRIDE_CID);
static const mozilla::Module::CIDEntry kNSSCIDs[] = {
{ &kNS_NSSCOMPONENT_CID, false, nullptr, nsNSSComponentConstructor },
@ -288,7 +285,6 @@ static const mozilla::Module::CIDEntry kNSSCIDs[] = {
{ &kNS_SECURE_BROWSER_UI_CID, false, nullptr, nsSecureBrowserUIImplConstructor },
{ &kNS_SITE_SECURITY_SERVICE_CID, false, nullptr, nsSiteSecurityServiceConstructor },
{ &kNS_CERT_BLOCKLIST_CID, false, nullptr, CertBlocklistConstructor},
{ &kNS_WEAKCRYPTOOVERRIDE_CID, false, nullptr, WeakCryptoOverrideConstructor },
{ nullptr }
};
@ -324,7 +320,6 @@ static const mozilla::Module::ContractIDEntry kNSSContracts[] = {
{ NS_SECURE_BROWSER_UI_CONTRACTID, &kNS_SECURE_BROWSER_UI_CID },
{ NS_SSSERVICE_CONTRACTID, &kNS_SITE_SECURITY_SERVICE_CID },
{ NS_CERTBLOCKLIST_CONTRACTID, &kNS_CERT_BLOCKLIST_CID },
{ NS_WEAKCRYPTOOVERRIDE_CONTRACTID, &kNS_WEAKCRYPTOOVERRIDE_CID },
{ nullptr }
};

235
security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
Просмотреть файл

@ -27,29 +27,18 @@ TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess)
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
ASSERT_TRUE(
helpers.rememberStrongCiphersFailed(
HOST, PORT, SSL_ERROR_NO_CYPHER_OVERLAP));
ASSERT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP,
helpers.getIntoleranceReason(HOST, PORT));
}
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
range.min, range.max, 0));
}
@ -57,13 +46,10 @@ TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess)
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
range.min, range.max, 0));
}
@ -71,13 +57,10 @@ TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess)
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
range.min, range.max, 0));
}
@ -85,13 +68,11 @@ TEST_F(psm_TLSIntoleranceTest, FullFallbackProcess)
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
// When rememberIntolerantAtVersion returns false, it also resets the
// intolerance information for the server.
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
}
}
@ -125,11 +106,9 @@ TEST_F(psm_TLSIntoleranceTest, FallbackLimitBelowMin)
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
}
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
@ -147,11 +126,9 @@ TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant1)
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
}
TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant2)
@ -163,11 +140,9 @@ TEST_F(psm_TLSIntoleranceTest, TolerantOverridesIntolerant2)
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2);
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
}
TEST_F(psm_TLSIntoleranceTest, IntolerantDoesNotOverrideTolerant)
@ -181,11 +156,9 @@ TEST_F(psm_TLSIntoleranceTest, IntolerantDoesNotOverrideTolerant)
0));
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
}
TEST_F(psm_TLSIntoleranceTest, PortIsRelevant)
@ -203,16 +176,14 @@ TEST_F(psm_TLSIntoleranceTest, PortIsRelevant)
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, 1, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, 1, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
}
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, 2, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, 2, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
}
}
@ -252,147 +223,6 @@ TEST_F(psm_TLSIntoleranceTest, IntoleranceReasonCleared)
ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
}
TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailed)
{
helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_1;
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
range.min, range.max, 0));
}
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
range.min, range.max, 0));
}
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
// When rememberIntolerantAtVersion returns false, it also resets the
// intolerance information for the server.
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
}
}
TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedAt1_1)
{
helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_0;
// No adjustment made when there is no entry for the site.
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
range.min, range.max, 0));
}
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
}
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
range.min, range.max, 0));
}
{
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
}
}
TEST_F(psm_TLSIntoleranceTest, StrongCiphersFailedWithHighLimit)
{
// this value disables version fallback entirely: with this value, all efforts
// to mark an origin as version intolerant fail
helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
// ...but weak ciphers fallback will not be disabled
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2,
0));
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_1,
0));
ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_0,
0));
}
TEST_F(psm_TLSIntoleranceTest, TolerantDoesNotOverrideWeakCiphersFallback)
{
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
// No adjustment made when intolerant is zero.
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
}
TEST_F(psm_TLSIntoleranceTest, WeakCiphersFallbackDoesNotOverrideTolerant)
{
// No adjustment made when there is no entry for the site.
helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
// false because strongCipherWorked is set by rememberTolerantAtVersion.
ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
}
TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance)
{
{
@ -403,11 +233,9 @@ TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance)
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
}
{
@ -415,34 +243,9 @@ TEST_F(psm_TLSIntoleranceTest, TLSForgetIntolerance)
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
}
}
TEST_F(psm_TLSIntoleranceTest, TLSForgetStrongCipherFailed)
{
{
ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
}
{
helpers.forgetIntolerance(HOST, PORT);
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
}
}
@ -453,11 +256,9 @@ TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance)
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
}
{
@ -468,11 +269,9 @@ TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance)
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
}
{
@ -480,11 +279,9 @@ TEST_F(psm_TLSIntoleranceTest, TLSDontForgetTolerance)
SSLVersionRange range = { SSL_LIBRARY_VERSION_TLS_1_0,
SSL_LIBRARY_VERSION_TLS_1_2 };
StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
helpers.adjustForTLSIntolerance(HOST, PORT, range);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.min);
ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
}
}

273
security/manager/ssl/tests/unit/test_weak_crypto.js
Просмотреть файл

@ -1,273 +0,0 @@
/* Any copyright is dedicated to the Public Domain.
http://creativecommons.org/publicdomain/zero/1.0/ */
"use strict";
// Tests the weak crypto override
const TLS_RSA_WITH_RC4_128_MD5 = 0x0004;
const TLS_RSA_WITH_RC4_128_SHA = 0x0005;
const TLS_ECDHE_ECDSA_WITH_RC4_128_SHA = 0xC007;
const TLS_ECDHE_RSA_WITH_RC4_128_SHA = 0xC011;
// Need profile dir to store the key / cert
do_get_profile();
// Ensure PSM is initialized
Cc["@mozilla.org/psm;1"].getService(Ci.nsISupports);
const certService = Cc["@mozilla.org/security/local-cert-service;1"]
.getService(Ci.nsILocalCertService);
const certOverrideService = Cc["@mozilla.org/security/certoverride;1"]
.getService(Ci.nsICertOverrideService);
const weakCryptoOverride = Cc["@mozilla.org/security/weakcryptooverride;1"]
.getService(Ci.nsIWeakCryptoOverride);
const socketTransportService =
Cc["@mozilla.org/network/socket-transport-service;1"]
.getService(Ci.nsISocketTransportService);
function getCert() {
let deferred = Promise.defer();
certService.getOrCreateCert("tls-test", {
handleCert: function(c, rv) {
if (rv) {
deferred.reject(rv);
return;
}
deferred.resolve(c);
}
});
return deferred.promise;
}
function startServer(cert, rc4only) {
let tlsServer = Cc["@mozilla.org/network/tls-server-socket;1"]
.createInstance(Ci.nsITLSServerSocket);
tlsServer.init(-1, true, -1);
tlsServer.serverCert = cert;
let input, output;
let listener = {
onSocketAccepted: function(socket, transport) {
do_print("Accept TLS client connection");
let connectionInfo = transport.securityInfo
.QueryInterface(Ci.nsITLSServerConnectionInfo);
connectionInfo.setSecurityObserver(listener);
input = transport.openInputStream(0, 0, 0);
output = transport.openOutputStream(0, 0, 0);
},
onHandshakeDone: function(socket, status) {
do_print("TLS handshake done");
equal(status.tlsVersionUsed, Ci.nsITLSClientStatus.TLS_VERSION_1_2,
"Using TLS 1.2");
let expectedCipher = rc4only ? "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA"
: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256";
equal(status.cipherName, expectedCipher,
"Using expected cipher");
equal(status.keyLength, 128, "Using 128-bit key");
equal(status.macLength, rc4only ? 160 : 128, "Using MAC of expected length");
input.asyncWait({
onInputStreamReady: function(streamReadyInput) {
NetUtil.asyncCopy(streamReadyInput, output);
}
}, 0, 0, Services.tm.currentThread);
},
onStopListening: function() {}
};
tlsServer.setSessionCache(false);
tlsServer.setSessionTickets(false);
tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_NEVER);
if (rc4only) {
let cipherSuites = [
TLS_ECDHE_RSA_WITH_RC4_128_SHA,
TLS_ECDHE_ECDSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_RC4_128_MD5
];
tlsServer.setCipherSuites(cipherSuites, cipherSuites.length);
}
tlsServer.asyncListen(listener);
return tlsServer.port;
}
function storeCertOverride(port, cert) {
let overrideBits = Ci.nsICertOverrideService.ERROR_UNTRUSTED |
Ci.nsICertOverrideService.ERROR_MISMATCH;
certOverrideService.rememberValidityOverride("127.0.0.1", port, cert,
overrideBits, true);
}
function startClient(port, expectedResult, options = {}) {
let transport =
socketTransportService.createTransport(["ssl"], 1, "127.0.0.1", port, null);
if (options.isPrivate) {
transport.connectionFlags |= Ci.nsISocketTransport.NO_PERMANENT_STORAGE;
}
let input;
let output;
let deferred = Promise.defer();
let handler = {
onTransportStatus: function(unused, status) {
if (status === Ci.nsISocketTransport.STATUS_CONNECTED_TO) {
output.asyncWait(handler, 0, 0, Services.tm.currentThread);
}
},
onInputStreamReady: function(streamReadyInput) {
try {
let data =
NetUtil.readInputStreamToString(streamReadyInput,
streamReadyInput.available());
equal(Cr.NS_OK, expectedResult, "Connection should succeed");
equal(data, "HELLO", "Echoed data received");
} catch (e) {
if (!((e.result == Cr.NS_ERROR_NET_RESET) && options.allowReset) &&
(e.result != expectedResult)) {
deferred.reject(e);
}
}
streamReadyInput.close();
output.close();
deferred.resolve();
},
onOutputStreamReady: function(streamReadyOutput) {
try {
try {
streamReadyOutput.write("HELLO", 5);
} catch (e) {
if (e.result == Cr.NS_BASE_STREAM_WOULD_BLOCK) {
streamReadyOutput.asyncWait(handler, 0, 0, Services.tm.currentThread);
return;
}
if (e.result != Cr.NS_OK) {
ok((e.result === expectedResult) ||
(options.allowReset && (e.result === Cr.NS_ERROR_NET_RESET)),
"Actual and expected connection result should match");
streamReadyOutput.close();
deferred.resolve();
return;
}
}
do_print("Output to server written");
input = transport.openInputStream(0, 0, 0);
input.asyncWait(handler, 0, 0, Services.tm.currentThread);
} catch (e) {
deferred.reject(e);
}
}
};
transport.setEventSink(handler, Services.tm.currentThread);
output = transport.openOutputStream(Ci.nsITransport.OPEN_UNBUFFERED, 0, 0);
output.QueryInterface(Ci.nsIAsyncOutputStream);
return deferred.promise;
}
function run_test() {
Services.prefs.setBoolPref("security.tls.unrestricted_rc4_fallback", false);
run_next_test();
}
// for sanity check
add_task(function* () {
let cert = yield getCert();
ok(!!cert, "Got self-signed cert");
let port = startServer(cert, false);
storeCertOverride(port, cert);
yield startClient(port, Cr.NS_OK);
yield startClient(port, Cr.NS_OK, {isPrivate: true});
});
add_task(function* () {
let cert = yield getCert();
ok(!!cert, "Got self-signed cert");
let port = startServer(cert, true);
storeCertOverride(port, cert);
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{isPrivate: true});
weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", true);
// private browsing should not affect the permanent storage.
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"");
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
// The auto-retry on connection reset is implemented in our HTTP layer.
// So we will see the crafted NS_ERROR_NET_RESET when we use
// nsISocketTransport directly.
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{isPrivate: true, allowReset: true});
// retry manually to simulate the HTTP layer
yield startClient(port, Cr.NS_OK, {isPrivate: true});
weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, true);
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"");
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{isPrivate: true});
weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false, true);
// temporary override should not change the pref.
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"");
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{allowReset: true});
yield startClient(port, Cr.NS_OK);
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{isPrivate: true});
weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false);
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"");
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{isPrivate: true});
weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false);
// permanent override should change the pref.
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"127.0.0.1");
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{allowReset: true});
yield startClient(port, Cr.NS_OK);
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{isPrivate: true});
weakCryptoOverride.removeWeakCryptoOverride("127.0.0.1", port, false);
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"");
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP));
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{isPrivate: true});
// add a host to the pref to prepare the next test
weakCryptoOverride.addWeakCryptoOverride("127.0.0.1", false);
yield startClient(port, getXPCOMStatusFromNSS(SSL_ERROR_NO_CYPHER_OVERLAP),
{allowReset: true});
yield startClient(port, Cr.NS_OK);
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"127.0.0.1");
});
add_task(function* () {
let cert = yield getCert();
ok(!!cert, "Got self-signed cert");
let port = startServer(cert, false);
storeCertOverride(port, cert);
yield startClient(port, Cr.NS_OK);
// Successful strong cipher will remove the host from the pref.
equal(Services.prefs.getCharPref("security.tls.insecure_fallback_hosts"),
"");
});

11
toolkit/components/telemetry/Histograms.json
Просмотреть файл

@ -8418,13 +8418,6 @@
"n_values": 64,
"description": "TLS/SSL version intolerance was falsely detected, server rejected handshake (see tlsIntoleranceTelemetryBucket() in nsNSSIOLayer.cpp)."
},
"SSL_WEAK_CIPHERS_FALLBACK": {
"alert_emails": ["seceng-telemetry@mozilla.com"],
"expires_in_version": "never",
"kind": "enumerated",
"n_values": 64,
"description": "Fallback attempted when server did not support any strong cipher suites"
},
"SSL_CIPHER_SUITE_FULL": {
"alert_emails": ["seceng-telemetry@mozilla.com"],
"expires_in_version": "never",
@ -8486,14 +8479,14 @@
"expires_in_version": "never",
"kind": "enumerated",
"n_values": 32,
"description": "Symmetric cipher used in full handshake (null=0, rc4=1, 3des=4, aes-cbc=7, camellia=8, seed=9, aes-gcm=10)"
"description": "Symmetric cipher used in full handshake (null=0, 3des=4, aes-cbc=7, aes-gcm=10, chacha20=11)"
},
"SSL_SYMMETRIC_CIPHER_RESUMED": {
"alert_emails": ["seceng-telemetry@mozilla.com"],
"expires_in_version": "never",
"kind": "enumerated",
"n_values": 32,
"description": "Symmetric cipher used in resumed handshake (null=0, rc4=1, 3des=4, aes-cbc=7, camellia=8, seed=9, aes-gcm=10)"
"description": "Symmetric cipher used in resumed handshake (null=0, 3des=4, aes-cbc=7, aes-gcm=10, chacha20=11)"
},
"SSL_REASONS_FOR_NOT_FALSE_STARTING": {
"alert_emails": ["seceng-telemetry@mozilla.com"],

1
toolkit/components/telemetry/histogram-whitelists.json
Просмотреть файл

@ -1545,7 +1545,6 @@
"SSL_TLS12_INTOLERANCE_REASON_POST",
"SSL_TLS12_INTOLERANCE_REASON_PRE",
"SSL_VERSION_FALLBACK_INAPPROPRIATE",
"SSL_WEAK_CIPHERS_FALLBACK",
"STARTUP_CRASH_DETECTED",
"STARTUP_MEASUREMENT_ERRORS",
"STS_NUMBER_OF_ONSOCKETREADY_CALLS",