Accepting request 245545 from home:msmeissn:branches:mozilla:Factory

- mod_nss-cipherlist_update_for_tls12-doc.diff, mod_nss-cipherlist_update_for_tls12.diff, mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256. OBS-URL: https://build.opensuse.org/request/show/245545 OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=12
2014-08-22 07:05:09 +00:00 · 2014-08-22 07:05:09 +00:00 · 6e565211b3
commit 6e565211b3
parent ce9f02cd08
4 changed files with 42 additions and 7 deletions
--- a/apache2-mod_nss.changes
+++ b/apache2-mod_nss.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Aug 21 07:50:57 UTC 2014 - meissner@suse.com
+
+- mod_nss-cipherlist_update_for_tls12-doc.diff,
+  mod_nss-cipherlist_update_for_tls12.diff,
+  mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.
+
 -------------------------------------------------------------------
 Thu Jul 24 12:49:29 CEST 2014 - draht@suse.de

--- a/mod_nss-cipherlist_update_for_tls12-doc.diff
+++ b/mod_nss-cipherlist_update_for_tls12-doc.diff
@ -1,7 +1,7 @@
 diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
 --- ../mod_nss-1.0.8-o/docs/mod_nss.html	2014-02-18 16:30:19.000000000 +0100
 +++ ./docs/mod_nss.html	2014-02-18 16:48:18.000000000 +0100
-@@ -632,100 +632,121 @@
+@@ -632,100 +632,135 @@
       </td>
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
@ -53,11 +53,18 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
       <td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
 +    <tr>
+      <td style="vertical-align: top;">rsa_aes_128_sha256<br>
+      </td>
+      <td style="vertical-align: top;">TLS_RSA_WITH_AES_128_CBC_SHA256<br>
+      </td>
+      <td style="vertical-align: top;">TLSv1.2</td>
+    </tr>
+    <tr>
 +      <td style="vertical-align: top;">rsa_aes_128_gcm_sha<br>
 +      </td>
 +      <td style="vertical-align: top;">TLS_RSA_WITH_AES_128_GCM_SHA256<br>
 +      </td>
-+      <td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td>
+      <td style="vertical-align: top;">TLSv1.2</td>
 +    </tr>
 +    <tr>
 +      <td style="vertical-align: top;">rsa_camellia_128_sha<br>
@ -72,6 +79,13 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
 +      <td style="vertical-align: top;">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA<br>
 +      </td>
 +      <td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td>
+    </tr>
+    <tr>
+      <td style="vertical-align: top;">rsa_aes_256_sha256<br>
+      </td>
+      <td style="vertical-align: top;">TLS_RSA_WITH_AES_256_CBC_SHA256<br>
+      </td>
+      <td style="vertical-align: top;">TLSv1.2</td>
 +    </tr>
   </tbody>
 </table>
@ -123,7 +137,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
       <td>ecdhe_ecdsa_rc4_128_sha</td>
       <td>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</td>
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
-@@ -773,100 +794,120 @@
+@@ -773,100 +794,130 @@
     <tr>
       <td>echde_rsa_null</td>
       <td>TLS_ECDHE_RSA_WITH_NULL_SHA</td>
@ -175,6 +189,16 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
       <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
     </tr>
 +    <tr>
+      <td>ecdh_ecdsa_aes_128_sha256</td>
+      <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</td>
+      <td>TLSv1.2</td>
+    </tr>
+    <tr>
+      <td>ecdh_rsa_aes_128_sha256</td>
+      <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</td>
+      <td>TLSv1.2</td>
+    </tr>
+    <tr>
 +      <td>ecdh_ecdsa_aes_128_gcm_sha</td>
 +      <td>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</td>
 +      <td>TLSv1.0/TLSv1.1/TLSv1.2</td>
--- a/mod_nss-cipherlist_update_for_tls12.diff
+++ b/mod_nss-cipherlist_update_for_tls12.diff
@ -53,10 +53,10 @@ diff -rNU 50 ../mod_nss-1.0.8-o/mod_nss.h ./mod_nss.h
 /* the table itself is defined in nss_engine_init.c */
 #ifdef NSS_ENABLE_ECC
 -#define ciphernum 48
-+#define ciphernum 55
+#define ciphernum 59
 #else
 -#define ciphernum 23
-+#define ciphernum 26
+#define ciphernum 28
 #endif
 
 /*
@ -110,7 +110,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/mod_nss.h ./mod_nss.h
 diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
 --- ../mod_nss-1.0.8-o/nss_engine_init.c	2014-02-18 16:30:19.000000000 +0100
 +++ ./nss_engine_init.c	2014-02-18 16:30:51.000000000 +0100
-@@ -15,122 +15,130 @@
+@@ -15,122 +15,134 @@
 
 #include "mod_nss.h"
 #include "apr_thread_proc.h"
@ -161,9 +161,11 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
     {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, 0, SSL3 | TLS},
     /* AES ciphers.*/
     {"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, 0, SSL3 | TLS},
+    {"rsa_aes_128_sha256", TLS_RSA_WITH_AES_128_CBC_SHA256, 0, TLS},
 +    {"rsa_aes_128_gcm_sha", TLS_RSA_WITH_AES_128_GCM_SHA256, 0, TLS},
 +    {"rsa_camellia_128_sha", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 0, TLS},
     {"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, 0, SSL3 | TLS},
+    {"rsa_aes_256_sha256", TLS_RSA_WITH_AES_256_CBC_SHA256, 0, TLS},
 +    {"rsa_camellia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 0, TLS},
 +
 #ifdef NSS_ENABLE_ECC
@ -178,6 +180,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
     {"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0, TLS},
     {"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
     {"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS},
+    {"ecdhe_ecdsa_aes_128_sha256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0, TLS},
 +    {"ecdhe_ecdsa_aes_128_gcm_sha", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0, TLS},
     {"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS},
     {"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, 0, TLS},
@ -190,6 +193,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
     {"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0, TLS},
     {"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
     {"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0, TLS},
+    {"ecdhe_rsa_aes_128_sha256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0, TLS},
 +    {"ecdhe_rsa_aes_128_gcm_sha", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0, TLS},
     {"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0, TLS},
     {"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA, 0, TLS},
--- a/mod_nss.conf.in
+++ b/mod_nss.conf.in
@ -216,7 +216,7 @@ NSSRequireSafeNegotiation off
 # * no rc4, no 3des, no des
 # * ephemeral is what you want (PFS).
 # * EC has precedence over RSA
-NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha
+NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_aes_128_sha256,+ecdhe_rsa_aes_256_sha256,+rsa_aes_256_sha256,+ecdhe_rsa_aes_256_sha256

 #   SSL Protocol:
 #   Cryptographic protocols that provide communication security.