mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

b=184940 Enable additional SSL ciphers, add configuration UI 

r=javi sr=jaggernaut
This commit is contained in:
kaie%netscape.com 2003-01-07 00:58:24 +00:00
Родитель f3fc0935dc
Коммит 233f20dbed
20 изменённых файлов: 1209 добавлений и 2636 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

40
netwerk/base/public/security-prefs.js
Просмотреть файл

@ -4,22 +4,34 @@ pref("security.enable_ssl2", true);
pref("security.enable_ssl3", true);
pref("security.enable_tls", true);
pref("security.ssl2.des_64", true);
pref("security.ssl2.des_ede3_192", true);
pref("security.ssl2.rc2_128", true);
pref("security.ssl2.rc2_40", true);
pref("security.ssl2.rc4_128", true);
pref("security.ssl2.rc4_40", true);
pref("security.ssl3.rsa_1024_des_cbc_sha", true);
pref("security.ssl3.rsa_1024_rc4_56_sha", true);
pref("security.ssl3.rsa_des_ede3_sha", true);
pref("security.ssl3.rsa_des_sha", true);
pref("security.ssl3.rsa_fips_des_ede3_sha", true);
pref("security.ssl3.rsa_fips_des_sha", true);
pref("security.ssl3.rsa_null_md5", false);
pref("security.ssl3.rsa_rc2_40_md5", true);
pref("security.ssl2.rc4_128", true);
pref("security.ssl2.rc2_128", true);
pref("security.ssl2.des_ede3_192", true);
pref("security.ssl2.des_64", true);
pref("security.ssl2.rc4_40", true);
pref("security.ssl2.rc2_40", true);
pref("security.ssl3.rsa_rc4_128_md5", true);
pref("security.ssl3.rsa_rc4_128_sha", true);
pref("security.ssl3.rsa_fips_des_ede3_sha", true);
pref("security.ssl3.rsa_des_ede3_sha", true);
pref("security.ssl3.rsa_fips_des_sha", true);
pref("security.ssl3.rsa_des_sha", true);
pref("security.ssl3.rsa_1024_rc4_56_sha", true);
pref("security.ssl3.rsa_1024_des_cbc_sha", true);
pref("security.ssl3.rsa_rc4_40_md5", true);
pref("security.ssl3.rsa_rc2_40_md5", true);
pref("security.ssl3.dhe_rsa_aes_256_sha", true);
pref("security.ssl3.dhe_dss_aes_256_sha", true);
pref("security.ssl3.rsa_aes_256_sha", true);
pref("security.ssl3.dhe_rsa_aes_128_sha", true);
pref("security.ssl3.dhe_dss_aes_128_sha", true);
pref("security.ssl3.rsa_aes_128_sha", true);
pref("security.ssl3.dhe_rsa_des_ede3_sha", true);
pref("security.ssl3.dhe_dss_des_ede3_sha", true);
pref("security.ssl3.dhe_rsa_des_sha", true);
pref("security.ssl3.dhe_dss_des_sha", true);
pref("security.ssl3.rsa_null_sha", false);
pref("security.ssl3.rsa_null_md5", false);
pref("security.default_personal_cert", "Select Automatically");
pref("security.ask_for_password", 0);

82
security/manager/pki/resources/content/cipherinfo.js Normal file
Просмотреть файл

@ -0,0 +1,82 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
const nsCipherInfoService = "@mozilla.org/security/cipherinfo;1";
const nsICipherInfoService = Components.interfaces.nsICipherInfoService;
const nsICipherInfo = Components.interfaces.nsICipherInfo;
function onLoad()
{
var cipher_name = self.name;
var cipher_info_service = Components.classes[nsCipherInfoService].getService(nsICipherInfoService);
var cipher = cipher_info_service.getCipherInfoByPrefString(self.name);
var info_name = document.getElementById("name");
var info_encryption = document.getElementById("encryption");
var info_authAlg = document.getElementById("authAlg");
var info_keyAlg = document.getElementById("keyAlg");
var info_keySize = document.getElementById("keySize");
var info_macAlg = document.getElementById("macAlg");
var info_fips = document.getElementById("fips");
var info_exportable = document.getElementById("exportable");
try {
info_name.setAttribute("value", cipher.longName);
info_encryption.setAttribute("value", cipher.symCipherName);
info_authAlg.setAttribute("value", cipher.authAlgorithmName);
info_keyAlg.setAttribute("value", cipher.keaTypeName);
info_keySize.setAttribute("value", cipher.effectiveKeyBits);
info_macAlg.setAttribute("value", cipher.macAlgorithmName);
if (cipher.isFIPS) {
info_fips.removeAttribute("collapsed");
}
else {
info_fips.setAttribute("collapsed", "true");
}
if (cipher.isExportable) {
info_exportable.removeAttribute("collapsed");
}
else {
info_exportable.setAttribute("collapsed", "true");
}
}
catch (e) {
}
}

96
security/manager/pki/resources/content/cipherinfo.xul Normal file
Просмотреть файл

@ -0,0 +1,96 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2001
- the Initial Developer. All Rights Reserved.
-
- Contributor(s):
- Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<!DOCTYPE window SYSTEM "chrome://pippki/locale/pref-ssl.dtd">
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<?xul-overlay href="chrome://global/content/dialogOverlay.xul"?>
<window id="cipherinfo"
title="&cipherinfo.title;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="onLoad();">
<script type="application/x-javascript" src="chrome://pippki/content/cipherinfo.js"/>
<grid style="margin: 1em;">
<columns>
<column/>
<column/>
</columns>
<rows>
<row>
<label value="&cipher.name;"/>
<label id="name"/>
</row>
<row>
<label value="&cipher.encryption;"/>
<label id="encryption"/>
</row>
<row>
<label value="&cipher.authAlg;"/>
<label id="authAlg"/>
</row>
<row>
<label value="&cipher.keyAlg;"/>
<label id="keyAlg"/>
</row>
<row>
<label value="&cipher.keySize;"/>
<label id="keySize"/>
</row>
<row>
<label value="&cipher.macAlg;"/>
<label id="macAlg"/>
</row>
<row>
<label value="&cipher.other;"/>
<label id="fips" value="&cipher.fips;" collapsed="true"/>
</row>
<row>
<label value=""/>
<label id="exportable" value="&cipher.exportable;" collapsed="true"/>
</row>
</rows>
</grid>
<keyset id="dialogKeys"/>
<hbox id="okCancelButtonsRight"/>
</window>

99
security/manager/pki/resources/content/pref-ciphers.js Normal file
Просмотреть файл

@ -0,0 +1,99 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Terry Hayes <thayes@netscape.com>
* Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
var gPrefs = null;
function onLoad() {
doSetOKCancel(doOK, doCancel);
// Set checkboxes from prefs
const nsIPref = Components.interfaces.nsIPref;
gPrefs = Components.classes["@mozilla.org/preferences;1"].getService(nsIPref);
// Enumerate each checkbox on this page and set value
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
var prefValue = false;
try {
prefValue = gPrefs.GetBoolPref(prefString);
} catch(e) { /* Put debug output here */ }
element.setAttribute("checked", prefValue);
// disable xul element if the pref is locked.
if (gPrefs.PrefIsLocked(prefString)) {
element.disabled=true;
}
}
}
function showInfo(cipher_name) {
window.openDialog('chrome://pippki/content/cipherinfo.xul', cipher_name,
'modal=yes,resizable,chrome');
}
function doOK() {
// Save the prefs
try {
// Enumerate each checkbox on this page and save the value
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
var prefValue = element.getAttribute("checked");
if (typeof(prefValue) == "string") {
prefValue = (prefValue == "true");
}
gPrefs.SetBoolPref(prefString, prefValue);
}
gPrefs.savePrefFile(null);
} catch(e) { }
window.close();
}
function doCancel() {
window.close();
}

183
security/manager/pki/resources/content/pref-ciphers.xul
Просмотреть файл

@ -1,143 +1,78 @@
<?xml version="1.0"?>
<!--
- The contents of this file are subject to the Mozilla Public
- License Version 1.1 (the "License"); you may not use this file
- except in compliance with the License. You may obtain a copy of
- the License at http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS
- IS" basis, WITHOUT WARRANTY OF ANY KIND, either express or
- implied. See the License for the specific language governing
- rights and limitations under the License.
-
- The Original Code is mozilla.org code.
-
- The Initial Developer of the Original Code is Netscape
- Communications Corp. Portions created by Netscape are
- Copyright (C) 2001 Netscape Communications Corp. All
- Rights Reserved.
-
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2001
- the Initial Developer. All Rights Reserved.
-
- Contributor(s):
- Terry Hayes <thayes@netscape.com>
-->
- Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<!DOCTYPE window SYSTEM "chrome://pippki/locale/pref-ssl.dtd">
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<?xul-overlay href="chrome://global/content/dialogOverlay.xul"?>
<?xul-overlay href="chrome://pippki/content/ssl2ciphers.xul"?>
<?xul-overlay href="chrome://pippki/content/ssl3tlsciphers.xul"?>
<?xul-overlay href="chrome://pippki/content/ssl3tlsciphers2.xul"?>
<window id="pref-ciphers" title="&cipher.title;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
onload="onLoad();">
<script type="application/x-javascript"><![CDATA[
var prefs = null;
<script type="application/x-javascript" src="chrome://help/content/contextHelp.js"/>
<script type="application/x-javascript" src="chrome://global/content/strres.js"/>
<script type="application/x-javascript" src="chrome://pippki/content/pippki.js"/>
<script type="application/x-javascript" src="chrome://pippki/content/pref-ciphers.js"/>
function onLoad() {
doSetOKCancel(doOK, doCancel);
<vbox flex="1">
<tabbox flex="1">
<tabs id="ciphersTabbox">
<tab id="ssl2_tab" label="&cipher.tab.ssl2;"/>
<tab id="ssl3tls_tab" label="&cipher.tab.ssl3tls;"/>
<tab id="ssl3tls_extra_tab" label="&cipher.tab.ssl3tls_extra;"/>
</tabs>
<tabpanels flex="1">
<vbox id="ssl2_ciphers" flex="1"/>
<vbox id="ssl3tls_ciphers" flex="1"/>
<vbox id="ssl3tls_extra_ciphers" flex="1"/>
</tabpanels>
</tabbox>
// Set checkboxes from prefs
const nsIPref = Components.interfaces.nsIPref;
prefs = Components.classes["@mozilla.org/preferences;1"].getService(nsIPref);
// Enumerate each checkbox on this page and set value
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
var prefValue = false;
try {
prefValue = prefs.GetBoolPref(prefString);
} catch(e) { /* Put debug output here */ }
element.setAttribute("checked", prefValue);
// disable xul element if the pref is locked.
if (prefs.PrefIsLocked(prefString)) {
element.disabled=true;
}
}
}
function doOK() {
// Save the prefs
try {
// Enumerate each checkbox on this page and save the value
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
var prefValue = element.getAttribute("checked");
if (typeof(prefValue) == "string") prefValue = (prefValue == "true");
prefs.SetBoolPref(prefString, prefValue);
}
prefs.savePrefFile(null);
} catch(e) { }
window.close();
}
function doCancel() {
window.close();
}
]]></script>
<vbox style="overflow: hidden;" flex="1">
<groupbox align="start">
<caption label="&cipher.ssl2.label;"/>
<checkbox label="&cipher.ssl2.rc4_128;"
prefstring="security.ssl2.rc4_128"/>
<checkbox label="&cipher.ssl2.rc2_128;"
prefstring="security.ssl2.rc2_128"/>
<checkbox label="&cipher.ssl2.des_ede3_192;"
prefstring="security.ssl2.des_ede3_192"/>
<checkbox label="&cipher.ssl2.des_64;"
prefstring="security.ssl2.des_64"/>
<checkbox label="&cipher.ssl2.rc4_40;"
prefstring="security.ssl2.rc4_40"/>
<checkbox label="&cipher.ssl2.rc2_40;"
prefstring="security.ssl2.rc2_40"/>
</groupbox>
<groupbox align="start">
<caption label="&cipher.ssl3.label;"/>
<checkbox label="&cipher.ssl3.rsa_rc4_128_md5;"
prefstring="security.ssl3.rsa_rc4_128_md5"/>
<checkbox label="&cipher.ssl3.rsa_fips_des_ede3_sha;"
prefstring="security.ssl3.rsa_fips_des_ede3_sha"/>
<checkbox label="&cipher.ssl3.rsa_des_ede3_sha;"
prefstring="security.ssl3.rsa_des_ede3_sha"/>
<checkbox label="&cipher.ssl3.rsa_fips_des_sha;"
prefstring="security.ssl3.rsa_fips_des_sha"/>
<checkbox label="&cipher.ssl3.rsa_des_sha;"
prefstring="security.ssl3.rsa_des_sha"/>
<checkbox label="&cipher.ssl3.rsa_1024_rc4_56_sha;"
prefstring="security.ssl3.rsa_1024_rc4_56_sha"/>
<checkbox label="&cipher.ssl3.rsa_1024_des_cbc_sha;"
prefstring="security.ssl3.rsa_1024_des_cbc_sha"/>
<checkbox label="&cipher.ssl3.rsa_rc4_40_md5;"
prefstring="security.ssl3.rsa_rc4_40_md5"/>
<checkbox label="&cipher.ssl3.rsa_rc2_40_md5;"
prefstring="security.ssl3.rsa_rc2_40_md5"/>
<checkbox label="&cipher.ssl3.rsa_null_md5;"
prefstring="security.ssl3.rsa_null_md5"/>
</groupbox>
<separator/>
<keyset id="dialogKeys"/>
<hbox id="okCancelButtonsRight"/>
<separator/>
<keyset id="dialogKeys"/>
<hbox id="okCancelButtonsRight"/>
</vbox>
</window>

98
security/manager/pki/resources/content/ssl2ciphers.xul Normal file
Просмотреть файл

@ -0,0 +1,98 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2001
- the Initial Developer. All Rights Reserved.
-
- Contributor(s):
- Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/pref-ssl.dtd">
<overlay id="SSL2Overlay"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cert="http://netscape.com/rdf-cert#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<vbox id="ssl2_ciphers">
<groupbox align="start">
<caption label="&cipher.ssl2.label;"/>
<grid>
<columns>
<column/>
<column/>
</columns>
<rows>
<row>
<checkbox label="&cipher.ssl2.rc4_128;"
prefstring="security.ssl2.rc4_128"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl2.rc4_128');"/>
</row>
<row>
<checkbox label="&cipher.ssl2.rc2_128;"
prefstring="security.ssl2.rc2_128"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl2.rc2_128');"/>
</row>
<row>
<checkbox label="&cipher.ssl2.des_ede3_192;"
prefstring="security.ssl2.des_ede3_192"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl2.des_ede3_192');"/>
</row>
<row>
<checkbox label="&cipher.ssl2.des_64;"
prefstring="security.ssl2.des_64"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl2.des_64');"/>
</row>
<row>
<checkbox label="&cipher.ssl2.rc4_40;"
prefstring="security.ssl2.rc4_40"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl2.rc4_40');"/>
</row>
<row>
<checkbox label="&cipher.ssl2.rc2_40;"
prefstring="security.ssl2.rc2_40"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl2.rc2_40');"/>
</row>
</rows>
</grid>
</groupbox>
</vbox>
</overlay>

122
security/manager/pki/resources/content/ssl3tlsciphers.xul Normal file
Просмотреть файл

@ -0,0 +1,122 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2001
- the Initial Developer. All Rights Reserved.
-
- Contributor(s):
- Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/pref-ssl.dtd">
<overlay id="SSL3TLSOverlay"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cert="http://netscape.com/rdf-cert#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<vbox id="ssl3tls_ciphers">
<groupbox align="start">
<caption label="&cipher.ssl3.label;"/>
<grid>
<columns>
<column/>
<column/>
</columns>
<rows>
<row>
<checkbox label="&cipher.ssl3.rsa_rc4_128_md5;"
prefstring="security.ssl3.rsa_rc4_128_md5"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_rc4_128_md5');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_rc4_128_sha;"
prefstring="security.ssl3.rsa_rc4_128_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_rc4_128_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_fips_des_ede3_sha;"
prefstring="security.ssl3.rsa_fips_des_ede3_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_fips_des_ede3_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_des_ede3_sha;"
prefstring="security.ssl3.rsa_des_ede3_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_des_ede3_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_fips_des_sha;"
prefstring="security.ssl3.rsa_fips_des_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_fips_des_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_des_sha;"
prefstring="security.ssl3.rsa_des_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_des_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_1024_rc4_56_sha;"
prefstring="security.ssl3.rsa_1024_rc4_56_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_1024_rc4_56_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_1024_des_cbc_sha;"
prefstring="security.ssl3.rsa_1024_des_cbc_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_1024_des_cbc_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_rc4_40_md5;"
prefstring="security.ssl3.rsa_rc4_40_md5"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_rc4_40_md5');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_rc2_40_md5;"
prefstring="security.ssl3.rsa_rc2_40_md5"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_rc2_40_md5');"/>
</row>
</rows>
</grid>
</groupbox>
</vbox>
</overlay>

134
security/manager/pki/resources/content/ssl3tlsciphers2.xul Normal file
Просмотреть файл

@ -0,0 +1,134 @@
<?xml version="1.0"?>
<!-- ***** BEGIN LICENSE BLOCK *****
- Version: MPL 1.1/GPL 2.0/LGPL 2.1
-
- The contents of this file are subject to the Mozilla Public License Version
- 1.1 (the "License"); you may not use this file except in compliance with
- the License. You may obtain a copy of the License at
- http://www.mozilla.org/MPL/
-
- Software distributed under the License is distributed on an "AS IS" basis,
- WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- for the specific language governing rights and limitations under the
- License.
-
- The Original Code is Mozilla Communicator
-
- The Initial Developer of the Original Code is
- Netscape Communications Corp..
- Portions created by the Initial Developer are Copyright (C) 2001
- the Initial Developer. All Rights Reserved.
-
- Contributor(s):
- Kai Engert <kaie@netscape.com>
-
- Alternatively, the contents of this file may be used under the terms of
- either the GNU General Public License Version 2 or later (the "GPL"), or
- the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- in which case the provisions of the GPL or the LGPL are applicable instead
- of those above. If you wish to allow use of your version of this file only
- under the terms of either the GPL or the LGPL, and not to allow others to
- use your version of this file under the terms of the MPL, indicate your
- decision by deleting the provisions above and replace them with the notice
- and other provisions required by the LGPL or the GPL. If you do not delete
- the provisions above, a recipient may use your version of this file under
- the terms of any one of the MPL, the GPL or the LGPL.
-
- ***** END LICENSE BLOCK ***** -->
<?xml-stylesheet href="chrome://global/skin/" type="text/css"?>
<!DOCTYPE overlay SYSTEM "chrome://pippki/locale/pref-ssl.dtd">
<overlay id="ExtraSSL3TLSOverlay"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:cert="http://netscape.com/rdf-cert#"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul">
<vbox id="ssl3tls_extra_ciphers">
<groupbox align="start">
<caption label="&cipher.ssl3_extra.label;"/>
<grid>
<columns>
<column/>
<column/>
</columns>
<rows>
<row>
<checkbox label="&cipher.ssl3.dhe_rsa_aes_256_sha;"
prefstring="security.ssl3.dhe_rsa_aes_256_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_rsa_aes_256_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.dhe_dss_aes_256_sha;"
prefstring="security.ssl3.dhe_dss_aes_256_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_dss_aes_256_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_aes_256_sha;"
prefstring="security.ssl3.rsa_aes_256_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_aes_256_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.dhe_rsa_aes_128_sha;"
prefstring="security.ssl3.dhe_rsa_aes_128_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_rsa_aes_128_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.dhe_dss_aes_128_sha;"
prefstring="security.ssl3.dhe_dss_aes_128_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_dss_aes_128_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_aes_128_sha;"
prefstring="security.ssl3.rsa_aes_128_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_aes_128_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.dhe_rsa_des_ede3_sha;"
prefstring="security.ssl3.dhe_rsa_des_ede3_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_rsa_des_ede3_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.dhe_dss_des_ede3_sha;"
prefstring="security.ssl3.dhe_dss_des_ede3_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_dss_des_ede3_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.dhe_rsa_des_sha;"
prefstring="security.ssl3.dhe_rsa_des_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_rsa_des_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.dhe_dss_des_sha;"
prefstring="security.ssl3.dhe_dss_des_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.dhe_dss_des_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_null_sha;"
prefstring="security.ssl3.rsa_null_sha"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_null_sha');"/>
</row>
<row>
<checkbox label="&cipher.ssl3.rsa_null_md5;"
prefstring="security.ssl3.rsa_null_md5"/>
<button label="&cipher.details;"
oncommand="showInfo('security.ssl3.rsa_null_md5');"/>
</row>
</rows>
</grid>
</groupbox>
</vbox>
</overlay>

6
security/manager/pki/resources/jar.mn
Просмотреть файл

@ -10,6 +10,12 @@ pippki.jar:
content/pippki/pref-ssl.xul (content/pref-ssl.xul)
content/pippki/pref-certs.xul (content/pref-certs.xul)
content/pippki/pref-ciphers.xul (content/pref-ciphers.xul)
content/pippki/pref-ciphers.js (content/pref-ciphers.js)
content/pippki/cipherinfo.xul (content/cipherinfo.xul)
content/pippki/cipherinfo.js (content/cipherinfo.js)
content/pippki/ssl2ciphers.xul (content/ssl2ciphers.xul)
content/pippki/ssl3tlsciphers.xul (content/ssl3tlsciphers.xul)
content/pippki/ssl3tlsciphers2.xul (content/ssl3tlsciphers2.xul)
content/pippki/PageInfoOverlay.xul (content/PageInfoOverlay.xul)
content/pippki/newserver.js (content/newserver.js)
content/pippki/newserver.xul (content/newserver.xul)

72
security/manager/pki/resources/locale/en-US/pref-ssl.dtd
Просмотреть файл

@ -47,25 +47,59 @@
<!-- Cipher pref window -->
<!ENTITY cipher.title "SSL: Edit Ciphers">
<!ENTITY cipher.ssl2.label "SSL2 Ciphersuites">
<!ENTITY cipher.ssl3.label "SSL3/TLS Ciphersuites">
<!ENTITY cipher.ssl2.label "SSL2 Cipher Suites">
<!ENTITY cipher.ssl3.label "SSL3/TLS Cipher Suites">
<!ENTITY cipher.ssl3_extra.label "Extra SSL3/TLS Cipher Suites">
<!ENTITY cipher.tab.ssl2 "SSL2">
<!ENTITY cipher.tab.ssl3tls "SSL3/TLS">
<!ENTITY cipher.tab.ssl3tls_extra "Extra SSL3/TLS">
<!-- SSL2 Ciphers -->
<!ENTITY cipher.ssl2.rc4_128 "RC4 encryption with a 128-bit key">
<!ENTITY cipher.ssl2.rc2_128 "RC2 encryption with a 128-bit key">
<!ENTITY cipher.ssl2.des_ede3_192 "Triple DES encryption with a 168-bit key">
<!ENTITY cipher.ssl2.des_64 "DES encryption with a 56-bit key">
<!ENTITY cipher.ssl2.rc4_40 "RC4 encryption with a 40-bit key">
<!ENTITY cipher.ssl2.rc2_40 "RC2 encryption with a 40-bit key">
<!-- SSL3 ciphers -->
<!ENTITY cipher.ssl3.rsa_rc4_128_md5 "RC4 encryption with a 128-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_ede3_sha "FIPS 140-1 compliant triple DES encryption and SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_des_ede3_sha "Triple DES encryption with a 168-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_sha "FIPS 140-1 compliant DES encryption and SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_des_sha "DES encryption with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_1024_rc4_56_sha "RC4 encryption with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_1024_des_cbc_sha "DES encryption in CBC mode with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_rc4_40_md5 "RC4 encryption with a 40-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_rc2_40_md5 "RC2 encryption with a 40-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_null_md5 "No encryption with an MD5 MAC">
<!ENTITY cipher.ssl2.rc4_128 "128-bit RC4 encryption with RSA and an MD5 MAC">
<!ENTITY cipher.ssl2.rc2_128 "128-bit RC2 encryption with RSA and an MD5 MAC">
<!ENTITY cipher.ssl2.des_ede3_192 "168-bit Triple DES encryption with RSA and MD5 MAC ">
<!ENTITY cipher.ssl2.des_64 "56-bit DES encryption with RSA and an MD5 MAC">
<!ENTITY cipher.ssl2.rc4_40 "40-bit RC4 encryption with RSA and an MD5 MAC (export)">
<!ENTITY cipher.ssl2.rc2_40 "40-bit RC2 encryption with RSA and an MD5 MAC (export)">
<!-- SSL3/TLS ciphers -->
<!ENTITY cipher.ssl3.rsa_rc4_128_md5 "128-bit RC4 encryption with RSA and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_rc4_128_sha "128-bit RC4 encryption with RSA and a SHA1 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_ede3_sha "168-bit Triple DES with RSA and a SHA1 MAC (FIPS)">
<!ENTITY cipher.ssl3.rsa_des_ede3_sha "168-bit Triple DES with RSA and a SHA1 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_sha "56-bit DES encryption with RSA and a SHA1 MAC (FIPS)">
<!ENTITY cipher.ssl3.rsa_des_sha "56-bit DES encryption with RSA and a SHA1 MAC">
<!ENTITY cipher.ssl3.rsa_1024_rc4_56_sha "56-bit RC4 encryption with RSA and a SHA1 MAC (export)">
<!ENTITY cipher.ssl3.rsa_1024_des_cbc_sha "56-bit DES encryption with RSA and a SHA1 MAC (export)">
<!ENTITY cipher.ssl3.rsa_rc4_40_md5 "40-bit RC4 encryption with RSA and an MD5 MAC (export)">
<!ENTITY cipher.ssl3.rsa_rc2_40_md5 "40-bit RC2 encryption with RSA and an MD5 MAC (export)">
<!-- Extra SSL3/TLS ciphers -->
<!ENTITY cipher.ssl3.dhe_rsa_aes_256_sha "256-bit AES encryption with RSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.dhe_dss_aes_256_sha "256-bit AES encryption with DSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.rsa_aes_256_sha "256-bit AES encryption with RSA and a SHA1 MAC">
<!ENTITY cipher.ssl3.dhe_rsa_aes_128_sha "128-bit AES encryption with RSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.dhe_dss_aes_128_sha "128-bit AES encryption with DSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.rsa_aes_128_sha "128-bit AES encryption with RSA and a SHA1 MAC">
<!ENTITY cipher.ssl3.dhe_rsa_des_ede3_sha "168-bit Triple DES with RSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.dhe_dss_des_ede3_sha "168-bit Triple DES with DSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.dhe_rsa_des_sha "56-bit DES encryption with RSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.dhe_dss_des_sha "56-bit DES encryption with DSA, DHE, and a SHA1 MAC">
<!ENTITY cipher.ssl3.rsa_null_sha "No encryption with RSA authentication and a SHA1 MAC">
<!ENTITY cipher.ssl3.rsa_null_md5 "No encryption with RSA authentication and an MD5 MAC">
<!-- Labels for cipher attributes -->
<!ENTITY cipher.name "Cipher">
<!ENTITY cipher.encryption "Encryption Algorithm:">
<!ENTITY cipher.authAlg "Authentication Algorithm:">
<!ENTITY cipher.keyAlg "Key Algorithm:">
<!ENTITY cipher.keySize "Effective Key Size:">
<!ENTITY cipher.macAlg "MAC Algorithm:">
<!ENTITY cipher.other "Other Attributes:">
<!ENTITY cipher.fips "FIPS">
<!ENTITY cipher.exportable "IsExportable">
<!ENTITY cipher.details "Details...">
<!ENTITY cipherinfo.title "Cipher Details">

30
security/manager/ssl/macbuild/PIPNSS.xml
Просмотреть файл

@ -1222,6 +1222,13 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -1441,6 +1448,11 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2642,6 +2654,13 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2861,6 +2880,11 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -3208,6 +3232,12 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>

2460
security/manager/ssl/macbuild/pipnssIDL.xml
Просмотреть файл

Разница между файлами не показана из-за своего большого размера Загрузить разницу

1
security/manager/ssl/public/Makefile.in
Просмотреть файл

@ -80,6 +80,7 @@ XPIDLSRCS = \
nsIX509CertValidity.idl \
nsICRLManager.idl \
nsISMimeCert.idl \
nsICipherInfo.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk

74
security/manager/ssl/public/nsICipherInfo.idl
Просмотреть файл

@ -0,0 +1,74 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsISupports.idl"
#include "nsISimpleEnumerator.idl"
[scriptable, uuid(028e2b2a-1f0b-43a4-a1a7-365d2d7f35d0)]
interface nsICipherInfo : nsISupports
{
readonly attribute ACString longName;
readonly attribute PRBool isSSL2;
readonly attribute PRBool isFIPS;
readonly attribute PRBool isExportable;
readonly attribute PRBool nonStandard;
readonly attribute ACString symCipherName;
readonly attribute ACString authAlgorithmName;
readonly attribute ACString keaTypeName;
readonly attribute ACString macAlgorithmName;
readonly attribute PRInt32 effectiveKeyBits;
};
[scriptable, uuid(766d47cb-6d8c-4e71-b6b7-336917629a69)]
interface nsICipherInfoService : nsISupports
{
nsICipherInfo getCipherInfoByPrefString(in ACString aPrefString);
};
%{C++
#define NS_CIPHERINFOSERVICE_CID { /* ec693a6f-0832-49dd-877c-89f6552df5de */ \
0xec693a6f, \
0x0832, \
0x49dd, \
{0x87, 0x7c, 0x89, 0xf6, 0x55, 0x2d, 0xf5, 0xde} \
}
#define NS_CIPHERINFOSERVICE_CONTRACTID "@mozilla.org/security/cipherinfo;1"
%}

1
security/manager/ssl/src/Makefile.in
Просмотреть файл

@ -50,6 +50,7 @@ META_COMPONENT = crypto
GRE_MODULE = 1
CPPSRCS = \
nsCipherInfo.cpp \
nsNSSCallbacks.cpp \
nsNSSComponent.cpp \
nsNSSIOLayer.cpp \

199
security/manager/ssl/src/nsCipherInfo.cpp
Просмотреть файл

@ -0,0 +1,199 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsCipherInfo.h"
#include "nsReadableUtils.h"
#include "nsEnumeratorUtils.h"
#include "nsCRT.h"
#include "nsNSSComponent.h"
#include "ssl.h"
#include "sslproto.h"
NS_IMPL_ISUPPORTS1(nsCipherInfoService, nsICipherInfoService)
nsCipherInfoService::nsCipherInfoService()
{
}
nsCipherInfoService::~nsCipherInfoService()
{
}
NS_IMETHODIMP nsCipherInfoService::GetCipherInfoByPrefString(const nsACString &aPrefString, nsICipherInfo * *aCipherInfo)
{
NS_ENSURE_ARG_POINTER(aCipherInfo);
PRUint16 cipher_id = 0;
nsresult rv = nsNSSComponent::GetNSSCipherIDFromPrefString(aPrefString, cipher_id);
if (NS_FAILED(rv))
return rv;
*aCipherInfo = new nsCipherInfo(cipher_id);
NS_IF_ADDREF(*aCipherInfo);
rv = *aCipherInfo != nsnull ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
return rv;
}
NS_IMPL_ISUPPORTS1(nsCipherInfo, nsICipherInfo)
nsCipherInfo::nsCipherInfo(PRUint16 aCipherId)
:mHaveInfo(PR_FALSE)
{
for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i)
{
const PRUint16 i_id = SSL_ImplementedCiphers[i];
if (i_id != aCipherId)
continue;
PRBool isGood = (
(SECSuccess == SSL_GetCipherSuiteInfo(i_id, &mInfo, sizeof(mInfo)))
&&
(sizeof(mInfo) == mInfo.length));
if (!isGood)
{
NS_ASSERTION(0, "unable to get info for implemented cipher");
continue;
}
mHaveInfo = PR_TRUE;
}
}
nsCipherInfo::~nsCipherInfo()
{
}
NS_IMETHODIMP nsCipherInfo::GetLongName(nsACString &aLongName)
{
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
aLongName = ToNewCString(nsDependentCString(mInfo.cipherSuiteName));
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetIsSSL2(PRBool *aIsSSL2)
{
NS_ENSURE_ARG_POINTER(aIsSSL2);
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
*aIsSSL2 = SSL_IS_SSL2_CIPHER(mInfo.cipherSuite);
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetIsFIPS(PRBool *aIsFIPS)
{
NS_ENSURE_ARG_POINTER(aIsFIPS);
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
*aIsFIPS = mInfo.isFIPS;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetIsExportable(PRBool *aIsExportable)
{
NS_ENSURE_ARG_POINTER(aIsExportable);
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
*aIsExportable = mInfo.isExportable;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetNonStandard(PRBool *aNonStandard)
{
NS_ENSURE_ARG_POINTER(aNonStandard);
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
*aNonStandard = mInfo.nonStandard;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetSymCipherName(nsACString &aSymCipherName)
{
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
aSymCipherName = mInfo.symCipherName;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetAuthAlgorithmName(nsACString &aAuthAlgorithmName)
{
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
aAuthAlgorithmName = mInfo.authAlgorithmName;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetKeaTypeName(nsACString &aKeaTypeName)
{
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
aKeaTypeName = mInfo.keaTypeName;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetMacAlgorithmName(nsACString &aMacAlgorithmName)
{
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
aMacAlgorithmName = mInfo.macAlgorithmName;
return NS_OK;
}
NS_IMETHODIMP nsCipherInfo::GetEffectiveKeyBits(PRInt32 *aEffectiveKeyBits)
{
NS_ENSURE_ARG_POINTER(aEffectiveKeyBits);
if (!mHaveInfo)
return NS_ERROR_NOT_AVAILABLE;
*aEffectiveKeyBits = mInfo.effectiveKeyBits;
return NS_OK;
}

64
security/manager/ssl/src/nsCipherInfo.h
Просмотреть файл

@ -0,0 +1,64 @@
/* ***** BEGIN LICENSE BLOCK *****
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
*
* The contents of this file are subject to the Mozilla Public License Version
* 1.1 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
* http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an "AS IS" basis,
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
* for the specific language governing rights and limitations under the
* License.
*
* The Original Code is Mozilla Communicator.
*
* The Initial Developer of the Original Code is
* Netscape Communications Corporation.
* Portions created by the Initial Developer are Copyright (C) 2002
* the Initial Developer. All Rights Reserved.
*
* Contributor(s):
* Kai Engert <kaie@netscape.com>
*
* Alternatively, the contents of this file may be used under the terms of
* either the GNU General Public License Version 2 or later (the "GPL"), or
* the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
* in which case the provisions of the GPL or the LGPL are applicable instead
* of those above. If you wish to allow use of your version of this file only
* under the terms of either the GPL or the LGPL, and not to allow others to
* use your version of this file under the terms of the MPL, indicate your
* decision by deleting the provisions above and replace them with the notice
* and other provisions required by the GPL or the LGPL. If you do not delete
* the provisions above, a recipient may use your version of this file under
* the terms of any one of the MPL, the GPL or the LGPL.
*
* ***** END LICENSE BLOCK ***** */
#include "nsICipherInfo.h"
#include "nsString.h"
#include "sslt.h"
class nsCipherInfoService : public nsICipherInfoService
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICIPHERINFOSERVICE
nsCipherInfoService();
virtual ~nsCipherInfoService();
};
class nsCipherInfo : public nsICipherInfo
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSICIPHERINFO
nsCipherInfo(PRUint16 aCipherId);
virtual ~nsCipherInfo();
private:
PRBool mHaveInfo;
SSLCipherSuiteInfo mInfo;
};

74
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -538,30 +538,58 @@ typedef struct {
} CipherPref;
static CipherPref CipherPrefs[] = {
/* SSL2 ciphers */
{"security.ssl2.rc4_128", SSL_EN_RC4_128_WITH_MD5},
{"security.ssl2.rc2_128", SSL_EN_RC2_128_CBC_WITH_MD5},
{"security.ssl2.des_ede3_192", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
{"security.ssl2.des_64", SSL_EN_DES_64_CBC_WITH_MD5},
{"security.ssl2.rc4_40", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
{"security.ssl2.rc2_40", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
/* SSL3 ciphers */
/* SSL2 cipher suites, all use RSA and an MD5 MAC */
{"security.ssl2.rc4_128", SSL_EN_RC4_128_WITH_MD5}, // 128-bit RC4 encryption with RSA and an MD5 MAC
{"security.ssl2.rc2_128", SSL_EN_RC2_128_CBC_WITH_MD5}, // 128-bit RC2 encryption with RSA and an MD5 MAC
{"security.ssl2.des_ede3_192", SSL_EN_DES_192_EDE3_CBC_WITH_MD5}, // 168-bit Triple DES encryption with RSA and MD5 MAC
{"security.ssl2.des_64", SSL_EN_DES_64_CBC_WITH_MD5}, // 56-bit DES encryption with RSA and an MD5 MAC
{"security.ssl2.rc4_40", SSL_EN_RC4_128_EXPORT40_WITH_MD5}, // 40-bit RC4 encryption with RSA and an MD5 MAC (export)
{"security.ssl2.rc2_40", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5}, // 40-bit RC2 encryption with RSA and an MD5 MAC (export)
/* Fortezza SSL3/TLS cipher suites, see bug 133502 */
{"security.ssl3.fortezza_fortezza_sha", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
{"security.ssl3.fortezza_rc4_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
{"security.ssl3.rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
{"security.ssl3.rsa_fips_des_ede3_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
{"security.ssl3.rsa_des_ede3_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
{"security.ssl3.rsa_fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_1024_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
{"security.ssl3.rsa_1024_des_cbc_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
{"security.ssl3.rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
{"security.ssl3.fortezza_null_sha", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
{"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
/* SSL3/TLS cipher suites*/
{"security.ssl3.rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5}, // 128-bit RC4 encryption with RSA and an MD5 MAC
{"security.ssl3.rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA}, // 128-bit RC4 encryption with RSA and a SHA1 MAC
{"security.ssl3.rsa_fips_des_ede3_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA}, // 168-bit Triple DES with RSA and a SHA1 MAC (FIPS)
{"security.ssl3.rsa_des_ede3_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA}, // 168-bit Triple DES with RSA and a SHA1 MAC
{"security.ssl3.rsa_fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA}, // 56-bit DES encryption with RSA and a SHA1 MAC (FIPS)
{"security.ssl3.rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA}, // 56-bit DES encryption with RSA and a SHA1 MAC
{"security.ssl3.rsa_1024_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA}, // 56-bit RC4 encryption with RSA and a SHA1 MAC (export)
{"security.ssl3.rsa_1024_des_cbc_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA}, // 56-bit DES encryption with RSA and a SHA1 MAC (export)
{"security.ssl3.rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5}, // 40-bit RC4 encryption with RSA and an MD5 MAC (export)
{"security.ssl3.rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5}, // 40-bit RC2 encryption with RSA and an MD5 MAC (export)
/* Extra SSL3/TLS cipher suites */
{"security.ssl3.dhe_rsa_aes_256_sha", TLS_DHE_RSA_WITH_AES_256_CBC_SHA}, // 256-bit AES encryption with RSA, DHE, and a SHA1 MAC
{"security.ssl3.dhe_dss_aes_256_sha", TLS_DHE_DSS_WITH_AES_256_CBC_SHA}, // 256-bit AES encryption with DSA, DHE, and a SHA1 MAC
{"security.ssl3.rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA}, // 256-bit AES encryption with RSA and a SHA1 MAC
/* TLS_DHE_DSS_WITH_RC4_128_SHA // 128-bit RC4 encryption with DSA, DHE, and a SHA1 MAC
If this cipher gets included at a later time, it should get added at this position */
{"security.ssl3.dhe_rsa_aes_128_sha", TLS_DHE_RSA_WITH_AES_128_CBC_SHA}, // 128-bit AES encryption with RSA, DHE, and a SHA1 MAC
{"security.ssl3.dhe_dss_aes_128_sha", TLS_DHE_DSS_WITH_AES_128_CBC_SHA}, // 128-bit AES encryption with DSA, DHE, and a SHA1 MAC
{"security.ssl3.rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA}, // 128-bit AES encryption with RSA and a SHA1 MAC
{"security.ssl3.dhe_rsa_des_ede3_sha", SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA}, // 168-bit Triple DES with RSA, DHE, and a SHA1 MAC
{"security.ssl3.dhe_dss_des_ede3_sha", SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA}, // 168-bit Triple DES with DSA, DHE, and a SHA1 MAC
{"security.ssl3.dhe_rsa_des_sha", SSL_DHE_RSA_WITH_DES_CBC_SHA}, // 56-bit DES encryption with RSA, DHE, and a SHA1 MAC
{"security.ssl3.dhe_dss_des_sha", SSL_DHE_DSS_WITH_DES_CBC_SHA}, // 56-bit DES encryption with DSA, DHE, and a SHA1 MAC
{"security.ssl3.rsa_null_sha", SSL_RSA_WITH_NULL_SHA}, // No encryption with RSA authentication and a SHA1 MAC
{"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5}, // No encryption with RSA authentication and an MD5 MAC
{NULL, 0} /* end marker */
};
nsresult nsNSSComponent::GetNSSCipherIDFromPrefString(const nsACString &aPrefString, PRUint16 &aCipherId)
{
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
if (nsDependentCString(cp->pref) == aPrefString) {
aCipherId = cp->id;
return NS_OK;
}
}
return NS_ERROR_NOT_AVAILABLE;
}
static void setOCSPOptions(nsIPref * pref)
{
// Set up OCSP //
@ -976,6 +1004,7 @@ nsNSSComponent::InitializeNSS()
::NSS_SetDomesticPolicy();
// SSL_EnableCipher(SSL_RSA_WITH_NULL_MD5, SSL_ALLOWED);
// SSL_EnableCipher(SSL_RSA_WITH_NULL_SHA, SSL_ALLOWED);
PK11_SetPasswordFunc(PK11PasswordPrompt);
@ -991,7 +1020,14 @@ nsNSSComponent::InitializeNSS()
mPref->GetBoolPref("security.enable_tls", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
// Set SSL/TLS ciphers
// Disable any ciphers that NSS might have enabled by default
for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i)
{
PRUint16 cipher_id = SSL_ImplementedCiphers[i];
SSL_CipherPrefSetDefault(cipher_id, PR_FALSE);
}
// Now only set SSL/TLS ciphers we knew about at compile time
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
mPref->GetBoolPref(cp->pref, &enabled);

1
security/manager/ssl/src/nsNSSComponent.h
Просмотреть файл

@ -169,6 +169,7 @@ public:
NS_IMETHOD DefineNextTimer();
NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString);
NS_IMETHOD RememberCert(CERTCertificate *cert);
static nsresult GetNSSCipherIDFromPrefString(const nsACString &aPrefString, PRUint16 &aCipherId);
private:

9
security/manager/ssl/src/nsNSSModule.cpp
Просмотреть файл

@ -49,6 +49,7 @@
#include "nsCURILoader.h"
#include "nsICategoryManager.h"
#include "nsCRLManager.h"
#include "nsCipherInfo.h"
// We must ensure that the nsNSSComponent has been loaded before
// creating any other components.
@ -160,6 +161,7 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSMessage)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsHash)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCertPicker)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCRLManager)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCipherInfoService)
static NS_METHOD RegisterPSMContentListeners(
nsIComponentManager *aCompMgr,
@ -359,6 +361,13 @@ static const nsModuleComponentInfo components[] =
NS_CRLMANAGER_CID,
NS_CRLMANAGER_CONTRACTID,
nsCRLManagerConstructor
},
{
"PSM Cipher Info",
NS_CIPHERINFOSERVICE_CID,
NS_CIPHERINFOSERVICE_CONTRACTID,
nsCipherInfoServiceConstructor
}
};