From 99009003008fd3220ed5972f0f4424a64dca6257 Mon Sep 17 00:00:00 2001 From: Georg Koppen Date: Fri, 12 Jan 2018 12:56:00 +0200 Subject: [PATCH 1/2] Bug 1384309 - Fix about:support's graphics section when 'webgl.disable-extensions' is true. r=jrmuizel --- toolkit/modules/Troubleshoot.jsm | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/toolkit/modules/Troubleshoot.jsm b/toolkit/modules/Troubleshoot.jsm index 03bcbd43c17d..1a55c5173a4a 100644 --- a/toolkit/modules/Troubleshoot.jsm +++ b/toolkit/modules/Troubleshoot.jsm @@ -528,7 +528,9 @@ var dataProviders = { // Eagerly free resources. let loseExt = gl.getExtension("WEBGL_lose_context"); - loseExt.loseContext(); + if (loseExt) { + loseExt.loseContext(); + } } GetWebGLInfo(data, "webgl1", "webgl"); From ede3b336174abcbe63df22d87eb81293a1e4aed2 Mon Sep 17 00:00:00 2001 From: EKR Date: Wed, 27 Dec 2017 16:34:56 -0800 Subject: [PATCH 2/2] Bug 1430268 - Unconditionally enable compat mode. r=keeler Summary: Needed for real TLS 1.3 deployment Reviewers: mt Differential Revision: https://phabricator.services.mozilla.com/D342 --- security/manager/ssl/nsNSSIOLayer.cpp | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp index f6cb7300afc1..ae6ba2f52fe6 100644 --- a/security/manager/ssl/nsNSSIOLayer.cpp +++ b/security/manager/ssl/nsNSSIOLayer.cpp @@ -75,7 +75,7 @@ namespace { // 0 means no override 1->4 are 1.0, 1.1, 1.2, 1.3, 4->7 unused // bits 3-5 (mask 0x38) specify the tls fallback limit // 0 means no override, values 1->4 match prefs -// bit 6 (mask 0x40) specifies use of TLS 1.3 compatibility mode (draft-22) +// bit 6 (mask 0x40) was used to specify compat mode. Temporarily reserved. enum { kTLSProviderFlagMaxVersion10 = 0x01, @@ -94,11 +94,6 @@ static uint32_t getTLSProviderFlagFallbackLimit(uint32_t flags) return (flags & 0x38) >> 3; } -static bool getTLSProviderFlagCompatMode(uint32_t flags) -{ - return (flags & 0x40); -} - #define MAX_ALPN_LENGTH 255 void @@ -2580,6 +2575,12 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS, return NS_ERROR_FAILURE; } + // Set TLS 1.3 compat mode. + if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE)) { + MOZ_LOG(gPIPNSSLog, LogLevel::Error, + ("[%p] nsSSLIOLayerSetOptions: Setting compat mode failed\n", fd)); + } + // setting TLS max version uint32_t versionFlags = getTLSProviderFlagMaxVersion(infoObject->GetProviderTlsFlags()); @@ -2601,17 +2602,6 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS, } } - // enabling alternative handshake - if (getTLSProviderFlagCompatMode(infoObject->GetProviderTlsFlags())) { - MOZ_LOG(gPIPNSSLog, LogLevel::Debug, - ("[%p] nsSSLIOLayerSetOptions: Use Compatible Handshake\n", fd)); - if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE)) { - MOZ_LOG(gPIPNSSLog, LogLevel::Error, - ("[%p] nsSSLIOLayerSetOptions: Setting compat mode failed\n", fd)); - // continue on default path - } - } - if ((infoObject->GetProviderFlags() & nsISocketProvider::BE_CONSERVATIVE) && (range.max > SSL_LIBRARY_VERSION_TLS_1_2)) { MOZ_LOG(gPIPNSSLog, LogLevel::Debug,