mozilla
/
pjs
зеркало из https://github.com/mozilla/pjs.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

b=102633 Changed cipher prefs dialog. 

Allow the user to enable additional ciphers.
Disable two cipher suites that are no longer in use (said the NSS team).
r=javi/nelsonb/cotter sr=alecf
This commit is contained in:
kaie%netscape.com 2002-04-12 04:44:29 +00:00
Родитель fda923d565
Коммит 5e578afaa3
13 изменённых файлов: 281 добавлений и 139 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

226
security/manager/pki/resources/content/pref-ciphers.xul
Просмотреть файл

@ -29,10 +29,30 @@
<window id="pref-ciphers" title="&cipher.title;"
xmlns="http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"
style="width: 50em; height: 20em;"
onload="onLoad();">
<script type="application/x-javascript" src="chrome://help/content/contextHelp.js"/>
<script type="application/x-javascript"><![CDATA[
var prefs = null;
var prefStrings = new Array();
var ciphers = new Array();
var checkboxes = new Array();
var listbox = null;
var info_encryption;
var info_authAlg;
var info_keyAlg;
var info_keySize;
var info_macAlg;
var info_fips;
var info_exportable;
function createCell(label) {
var cell = document.createElement("listcell");
cell.setAttribute("label", label)
return cell;
}
function onLoad() {
doSetOKCancel(doOK, doCancel);
@ -42,21 +62,100 @@
prefs = Components.classes["@mozilla.org/preferences;1"].getService(nsIPref);
// Enumerate each checkbox on this page and set value
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
var prefValue = false;
const nsCipherInfoService = "@mozilla.org/security/cipherinfo;1";
const nsICipherInfoService = Components.interfaces.nsICipherInfoService;
const nsICipherInfo = Components.interfaces.nsICipherInfo;
var cipher_info_service = Components.classes[nsCipherInfoService].getService(nsICipherInfoService);
var cipher_list = cipher_info_service.listCiphers();
listbox = document.getElementById("cipherlist");
info_encryption = document.getElementById("encryption");
info_authAlg = document.getElementById("authAlg");
info_keyAlg = document.getElementById("keyAlg");
info_keySize = document.getElementById("keySize");
info_macAlg = document.getElementById("macAlg");
info_fips = document.getElementById("fips");
info_exportable = document.getElementById("exportable");
var cipher;
var i = 0;
while (cipher_list.hasMoreElements()) {
cipher = cipher_list.getNext().QueryInterface(nsICipherInfo);
ciphers[i] = cipher;
var prefString = cipher.prefString;
prefStrings[i] = prefString;
var prefValue = null;
try {
prefValue = prefs.GetBoolPref(prefString);
} catch(e) { /* Put debug output here */ }
element.setAttribute("checked", prefValue);
var listitem = document.createElement("listitem");
var checkbox = document.createElement("checkbox");
checkbox.setAttribute("checked", prefValue);
// disable xul element if the pref is locked.
if (prefs.PrefIsLocked(prefString)) {
element.disabled=true;
checkbox.disabled=true;
}
checkboxes[i] = checkbox;
var checkcell = document.createElement("listcell");
checkcell.appendChild(checkbox);
listitem.appendChild(checkcell);
listitem.appendChild(createCell(cipher.isSSL2 ? "SSL2" : "SSL3/TLS"));
listitem.appendChild(createCell(cipher.longName));
listbox.appendChild(listitem);
if (!i) {
listbox.selectedIndex = 0;
}
++i;
}
}
function onSelect(event) {
if (listbox.selectedItems.length <= 0) {
info_encryption.setAttribute("value", "");
info_authAlg.setAttribute("value", "");
info_keyAlg.setAttribute("value", "");
info_keySize.setAttribute("value", "");
info_macAlg.setAttribute("value", "");
info_fips.removeAttribute("collapsed");
info_exportable.removeAttribute("collapsed");
}
else {
var selected = listbox.selectedIndex;
var cipher = ciphers[selected];
info_encryption.setAttribute("value", cipher.symCipherName);
info_authAlg.setAttribute("value", cipher.authAlgorithmName);
info_keyAlg.setAttribute("value", cipher.keaTypeName);
info_keySize.setAttribute("value", cipher.effectiveKeyBits);
info_macAlg.setAttribute("value", cipher.macAlgorithmName);
if (cipher.isFIPS) {
info_fips.removeAttribute("collapsed");
}
else {
info_fips.setAttribute("collapsed", "true");
}
if (cipher.isExportable) {
info_exportable.removeAttribute("collapsed");
}
else {
info_exportable.setAttribute("collapsed", "true");
}
}
}
@ -65,13 +164,11 @@
// Save the prefs
try {
// Enumerate each checkbox on this page and save the value
var prefElements = document.getElementsByAttribute("prefstring", "*");
for (var i = 0; i < prefElements.length; i++) {
var element = prefElements[i];
var prefString = element.getAttribute("prefstring");
for (var i = 0; i < checkboxes.length; i++) {
var element = checkboxes[i];
var prefString = prefStrings[i];
var prefValue = element.getAttribute("checked");
if (typeof(prefValue) == "string") prefValue = (prefValue == "true");
prefs.SetBoolPref(prefString, prefValue);
@ -86,57 +183,68 @@
function doCancel() {
window.close();
}
function doHelpButton() {
openHelp('cipher_help');
}
]]></script>
<vbox style="overflow: hidden;" flex="1">
<vbox style="overflow: hidden;">
<groupbox align="start">
<caption label="&cipher.ssl2.label;"/>
<checkbox label="&cipher.ssl2.rc4_128;"
prefstring="security.ssl2.rc4_128"/>
<checkbox label="&cipher.ssl2.rc2_128;"
prefstring="security.ssl2.rc2_128"/>
<checkbox label="&cipher.ssl2.des_ede3_192;"
prefstring="security.ssl2.des_ede3_192"/>
<checkbox label="&cipher.ssl2.des_64;"
prefstring="security.ssl2.des_64"/>
<checkbox label="&cipher.ssl2.rc4_40;"
prefstring="security.ssl2.rc4_40"/>
<checkbox label="&cipher.ssl2.rc2_40;"
prefstring="security.ssl2.rc2_40"/>
</groupbox>
<groupbox align="start">
<caption label="&cipher.ssl3.label;"/>
<checkbox label="&cipher.ssl3.rsa_rc4_128_md5;"
prefstring="security.ssl3.rsa_rc4_128_md5"/>
<checkbox label="&cipher.ssl3.rsa_fips_des_ede3_sha;"
prefstring="security.ssl3.rsa_fips_des_ede3_sha"/>
<checkbox label="&cipher.ssl3.rsa_des_ede3_sha;"
prefstring="security.ssl3.rsa_des_ede3_sha"/>
<checkbox label="&cipher.ssl3.rsa_fips_des_sha;"
prefstring="security.ssl3.rsa_fips_des_sha"/>
<checkbox label="&cipher.ssl3.rsa_des_sha;"
prefstring="security.ssl3.rsa_des_sha"/>
<checkbox label="&cipher.ssl3.rsa_1024_rc4_56_sha;"
prefstring="security.ssl3.rsa_1024_rc4_56_sha"/>
<checkbox label="&cipher.ssl3.rsa_1024_des_cbc_sha;"
prefstring="security.ssl3.rsa_1024_des_cbc_sha"/>
<checkbox label="&cipher.ssl3.rsa_rc4_40_md5;"
prefstring="security.ssl3.rsa_rc4_40_md5"/>
<checkbox label="&cipher.ssl3.rsa_rc2_40_md5;"
prefstring="security.ssl3.rsa_rc2_40_md5"/>
<checkbox label="&cipher.ssl3.rsa_null_md5;"
prefstring="security.ssl3.rsa_null_md5"/>
</groupbox>
<separator/>
<listbox id="cipherlist" style="height: 15em; width: 40em;"
flex="1" onselect="onSelect(event);">
<listcols>
<listcol flex="1"/>
<splitter class="tree-splitter"/>
<listcol flex="3"/>
<splitter class="tree-splitter"/>
<listcol flex="10"/>
</listcols>
<listhead>
<listheader label="&cipher.enable;"/>
<listheader label="&cipher.version;"/>
<listheader label="&cipher.name;"/>
</listhead>
</listbox>
<grid style="margin: 1em;">
<columns>
<column/>
<column/>
</columns>
<rows>
<row>
<label value="&cipher.encryption;"/>
<label id="encryption"/>
</row>
<row>
<label value="&cipher.authAlg;"/>
<label id="authAlg"/>
</row>
<row>
<label value="&cipher.keyAlg;"/>
<label id="keyAlg"/>
</row>
<row>
<label value="&cipher.keySize;"/>
<label id="keySize"/>
</row>
<row>
<label value="&cipher.macAlg;"/>
<label id="macAlg"/>
</row>
<row>
<label value="&cipher.other;"/>
<label id="fips" value="&cipher.fips;" collapsed="true"/>
</row>
<row>
<label value=""/>
<label id="exportable" value="&cipher.exportable;" collapsed="true"/>
</row>
</rows>
</grid>
<keyset id="dialogKeys"/>
<hbox id="okCancelButtonsRight"/>
<hbox id="okCancelHelpButtonsRight"/>
</vbox>

31
security/manager/pki/resources/locale/en-US/pref-ssl.dtd
Просмотреть файл

@ -50,22 +50,15 @@
<!ENTITY cipher.ssl2.label "SSL2 Ciphersuites">
<!ENTITY cipher.ssl3.label "SSL3/TLS Ciphersuites">
<!-- SSL2 Ciphers -->
<!ENTITY cipher.ssl2.rc4_128 "RC4 encryption with a 128-bit key">
<!ENTITY cipher.ssl2.rc2_128 "RC2 encryption with a 128-bit key">
<!ENTITY cipher.ssl2.des_ede3_192 "Triple DES encryption with a 168-bit key">
<!ENTITY cipher.ssl2.des_64 "DES encryption with a 56-bit key">
<!ENTITY cipher.ssl2.rc4_40 "RC4 encryption with a 40-bit key">
<!ENTITY cipher.ssl2.rc2_40 "RC2 encryption with a 40-bit key">
<!-- SSL3 ciphers -->
<!ENTITY cipher.ssl3.rsa_rc4_128_md5 "RC4 encryption with a 128-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_ede3_sha "FIPS 140-1 compliant triple DES encryption and SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_des_ede3_sha "Triple DES encryption with a 168-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_fips_des_sha "FIPS 140-1 compliant DES encryption and SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_des_sha "DES encryption with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_1024_rc4_56_sha "RC4 encryption with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_1024_des_cbc_sha "DES encryption in CBC mode with a 56-bit key and a SHA-1 MAC">
<!ENTITY cipher.ssl3.rsa_rc4_40_md5 "RC4 encryption with a 40-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_rc2_40_md5 "RC2 encryption with a 40-bit key and an MD5 MAC">
<!ENTITY cipher.ssl3.rsa_null_md5 "No encryption with an MD5 MAC">
<!-- Labels for cipher attributes -->
<!ENTITY cipher.enable "Enable">
<!ENTITY cipher.name "Cipher">
<!ENTITY cipher.version "Version">
<!ENTITY cipher.encryption "Encryption Algorithm:">
<!ENTITY cipher.authAlg "Authentification Algorithm:">
<!ENTITY cipher.keyAlg "Key Algorithm:">
<!ENTITY cipher.keySize "Key Size:">
<!ENTITY cipher.macAlg "MAC Algorithm:">
<!ENTITY cipher.other "Other Attributes:">
<!ENTITY cipher.fips "FIPS">
<!ENTITY cipher.exportable "IsExportable">

30
security/manager/ssl/macbuild/PIPNSS.xml
Просмотреть файл

@ -1152,6 +1152,13 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -1321,6 +1328,11 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2452,6 +2464,13 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2621,6 +2640,11 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCMS.cpp</PATH>
@ -2908,6 +2932,12 @@
<PATH>nsCertPicker.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsCipherInfo.cpp</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>PIPNSS.shlb</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>

30
security/manager/ssl/macbuild/pipnssIDL.xml
Просмотреть файл

@ -811,6 +811,13 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
@ -878,6 +885,11 @@
<PATH>nsICMS.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</LINKORDER>
</TARGET>
<TARGET>
@ -1638,6 +1650,13 @@
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
<FILE>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
<FILEKIND>Text</FILEKIND>
<FILEFLAGS></FILEFLAGS>
</FILE>
</FILELIST>
<LINKORDER>
<FILEREF>
@ -1705,6 +1724,11 @@
<PATH>nsICMS.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</LINKORDER>
</TARGET>
</TARGETLIST>
@ -1795,6 +1819,12 @@
<PATH>nsICMS.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
<FILEREF>
<TARGETNAME>headers</TARGETNAME>
<PATHTYPE>Name</PATHTYPE>
<PATH>nsICipherInfo.idl</PATH>
<PATHFORMAT>MacOS</PATHFORMAT>
</FILEREF>
</GROUPLIST>
</PROJECT>

1
security/manager/ssl/public/Makefile.in
Просмотреть файл

@ -57,6 +57,7 @@ XPIDLSRCS = \
nsICMSSecureMessage.idl \
nsICMS.idl \
nsIUserCertPicker.idl \
nsICipherInfo.idl \
$(NULL)
include $(topsrcdir)/config/rules.mk

1
security/manager/ssl/public/makefile.win
Просмотреть файл

@ -57,6 +57,7 @@ XPIDLSRCS= \
.\nsICMSSecureMessage.idl \
.\nsICMS.idl \
.\nsIUserCertPicker.idl \
.\nsICipherInfo.idl \
$(NULL)

1
security/manager/ssl/src/Makefile.in
Просмотреть файл

@ -71,6 +71,7 @@ CPPSRCS = \
nsCMSSecureMessage.cpp \
nsCMS.cpp \
nsCertPicker.cpp \
nsCipherInfo.cpp \
$(NULL)
REQUIRES = nspr \

1
security/manager/ssl/src/makefile.win
Просмотреть файл

@ -144,6 +144,7 @@ OBJS = \
.\$(OBJDIR)\nsCMSSecureMessage.obj \
.\$(OBJDIR)\nsCMS.obj \
.\$(OBJDIR)\nsCertPicker.obj \
.\$(OBJDIR)\nsCipherInfo.obj \
$(NULL)
include <$(DEPTH)\config\rules.mak>

14
security/manager/ssl/src/nsCipherInfo.cpp
Просмотреть файл

@ -164,8 +164,7 @@ nsCiphers::nsCiphers()
PRUint16 array_index = 0;
if (isCipherWithHistoricaPrefString(data.id, array_index))
{
data.prefString = historical_cipher_pref_strings[array_index].pref_string;
data.isHeapString = PR_FALSE;
data.setDataSegmentPrefString( historical_cipher_pref_strings[array_index].pref_string );
}
else
{
@ -174,8 +173,7 @@ nsCiphers::nsCiphers()
pref.Append( SSL_IS_SSL2_CIPHER(data.info.cipherSuite) ? "ssl2." : "ssl3." );
pref.Append(data.info.cipherSuiteName);
ToLowerCase(pref);
data.prefString = ToNewCString(pref);
data.isHeapString = PR_TRUE;
data.setHeapString(ToNewCString(pref));
}
}
}
@ -195,7 +193,7 @@ void nsCiphers::SetAllCiphersFromPrefs(nsIPref *ipref)
CipherData &cd = singleton->mCiphers[iCipher];
ipref->GetBoolPref(cd.prefString, &enabled);
ipref->GetBoolPref(cd.GetPrefString(), &enabled);
SSL_CipherPrefSetDefault(cd.id, enabled);
}
}
@ -211,9 +209,9 @@ void nsCiphers::SetCipherFromPref(nsIPref *ipref, const char *prefname)
CipherData &cd = singleton->mCiphers[iCipher];
// find cipher ID
if (!nsCRT::strcmp(prefname, cd.prefString))
if (!nsCRT::strcmp(prefname, cd.GetPrefString()))
{
ipref->GetBoolPref(cd.prefString, &enabled);
ipref->GetBoolPref(cd.GetPrefString(), &enabled);
SSL_CipherPrefSetDefault(cd.id, enabled);
break;
}
@ -411,6 +409,6 @@ NS_IMETHODIMP nsCipherInfo::GetPrefString(char * *aPrefString)
return NS_OK;
}
*aPrefString = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].prefString));
*aPrefString = ToNewCString(nsDependentCString(nsCiphers::singleton->mCiphers[mCipherIndex].GetPrefString()));
return NS_OK;
}

21
security/manager/ssl/src/nsCipherInfo.h
Просмотреть файл

@ -61,20 +61,29 @@ private:
struct CipherData {
CipherData()
:id(0), prefString(nsnull), isHeapString(PR_FALSE), isWanted(PR_FALSE), isGood(PR_FALSE) {}
:id(0), isWanted(PR_FALSE), isGood(PR_FALSE), heapString(nsnull), dataSegmentString(nsnull) {}
~CipherData() {
if (isHeapString) {
delete [] prefString;
}
if (heapString) nsMemory::Free(heapString);
}
PRUint16 id;
const char *prefString;
PRPackedBool isHeapString;
void setDataSegmentPrefString(const char *dss) {
dataSegmentString = dss;
}
void setHeapString(char *hs) {
if (heapString) nsMemory::Free(heapString);
heapString = hs;
}
const char *GetPrefString() {
return heapString ? heapString : dataSegmentString;
}
PRPackedBool isWanted;
PRPackedBool isGood;
SSLCipherSuiteInfo info;
private:
char *heapString;
const char *dataSegmentString;
};
struct CipherData *mCiphers;

52
security/manager/ssl/src/nsNSSComponent.cpp
Просмотреть файл

@ -66,6 +66,7 @@
#include "nsIEntropyCollector.h"
#include "nsIBufEntropyCollector.h"
#include "nsIServiceManager.h"
#include "nsCipherInfo.h"
#include "nss.h"
#include "pk11func.h"
@ -228,6 +229,8 @@ nsNSSComponent::nsNSSComponent()
NS_ASSERTION( (0 == mInstanceCount), "nsNSSComponent is a singleton, but instantiated multiple times!");
++mInstanceCount;
hashTableCerts = nsnull;
nsCiphers::InitSingleton();
}
nsNSSComponent::~nsNSSComponent()
@ -262,6 +265,8 @@ nsNSSComponent::~nsNSSComponent()
mutex = nsnull;
}
nsCiphers::DestroySingleton();
PR_LOG(gPIPNSSLog, PR_LOG_DEBUG, ("nsNSSComponent::dtor finished\n"));
}
@ -486,37 +491,6 @@ nsNSSComponent::RegisterPSMContentListener()
return rv;
}
/* Table of pref names and SSL cipher ID */
typedef struct {
const char* pref;
long id;
} CipherPref;
static CipherPref CipherPrefs[] = {
/* SSL2 ciphers */
{"security.ssl2.rc4_128", SSL_EN_RC4_128_WITH_MD5},
{"security.ssl2.rc2_128", SSL_EN_RC2_128_CBC_WITH_MD5},
{"security.ssl2.des_ede3_192", SSL_EN_DES_192_EDE3_CBC_WITH_MD5},
{"security.ssl2.des_64", SSL_EN_DES_64_CBC_WITH_MD5},
{"security.ssl2.rc4_40", SSL_EN_RC4_128_EXPORT40_WITH_MD5},
{"security.ssl2.rc2_40", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5},
/* SSL3 ciphers */
{"security.ssl3.fortezza_fortezza_sha", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA},
{"security.ssl3.fortezza_rc4_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA},
{"security.ssl3.rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5},
{"security.ssl3.rsa_fips_des_ede3_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA},
{"security.ssl3.rsa_des_ede3_sha", SSL_RSA_WITH_3DES_EDE_CBC_SHA},
{"security.ssl3.rsa_fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_des_sha", SSL_RSA_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_1024_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA},
{"security.ssl3.rsa_1024_des_cbc_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA},
{"security.ssl3.rsa_rc4_40_md5", SSL_RSA_EXPORT_WITH_RC4_40_MD5},
{"security.ssl3.rsa_rc2_40_md5", SSL_RSA_EXPORT_WITH_RC2_CBC_40_MD5},
{"security.ssl3.fortezza_null_sha", SSL_FORTEZZA_DMS_WITH_NULL_SHA},
{"security.ssl3.rsa_null_md5", SSL_RSA_WITH_NULL_MD5},
{NULL, 0} /* end marker */
};
static void setOCSPOptions(nsIPref * pref)
{
// Set up OCSP //
@ -941,12 +915,7 @@ nsNSSComponent::InitializeNSS()
mPref->GetBoolPref("security.enable_tls", &enabled);
SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
// Set SSL/TLS ciphers
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
mPref->GetBoolPref(cp->pref, &enabled);
SSL_CipherPrefSetDefault(cp->id, enabled);
}
nsCiphers::SetAllCiphersFromPrefs(mPref);
// Enable ciphers for PKCS#12
SEC_PKCS12EnableCipher(PKCS12_RC4_40, 1);
@ -1325,14 +1294,7 @@ nsNSSComponent::PrefChanged(const char* prefName)
} else if (!nsCRT::strcmp(prefName, "security.OCSP.enabled")) {
setOCSPOptions(mPref);
} else {
/* Look through the cipher table and set according to pref setting */
for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
if (!nsCRT::strcmp(prefName, cp->pref)) {
mPref->GetBoolPref(cp->pref, &enabled);
SSL_CipherPrefSetDefault(cp->id, enabled);
break;
}
}
nsCiphers::SetCipherFromPref(mPref, prefName);
}
}

1
security/manager/ssl/src/nsNSSComponent.h
Просмотреть файл

@ -125,7 +125,6 @@ class NS_NO_VTABLE nsINSSComponent : public nsISupports {
NS_IMETHOD DefineNextTimer() = 0;
NS_IMETHOD DownloadCRLDirectly(nsAutoString, nsAutoString) = 0;
};
struct PRLock;

9
security/manager/ssl/src/nsNSSModule.cpp
Просмотреть файл

@ -46,6 +46,7 @@
#include "nsCertPicker.h"
#include "nsCURILoader.h"
#include "nsICategoryManager.h"
#include "nsCipherInfo.h"
// We must ensure that the nsNSSComponent has been loaded before
// creating any other components.
@ -155,6 +156,7 @@ NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSEncoder)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCMSMessage)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsHash)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCertPicker)
NS_NSS_GENERIC_FACTORY_CONSTRUCTOR(PR_FALSE, nsCipherInfoService)
static NS_METHOD RegisterPSMContentListeners(
nsIComponentManager *aCompMgr,
@ -347,6 +349,13 @@ static const nsModuleComponentInfo components[] =
"@mozilla.org/uriloader/psm-external-content-listener;1",
PSMContentListenerConstructor,
RegisterPSMContentListeners
},
{
"PSM Cipher Info",
NS_CIPHERINFOSERVICE_CID,
NS_CIPHERINFOSERVICE_CONTRACTID,
nsCipherInfoServiceConstructor
}
};