1
0

Accepting request 245545 from home:msmeissn:branches:mozilla:Factory

- mod_nss-cipherlist_update_for_tls12-doc.diff,
  mod_nss-cipherlist_update_for_tls12.diff,
  mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.

OBS-URL: https://build.opensuse.org/request/show/245545
OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/apache2-mod_nss?expand=0&rev=12
This commit is contained in:
Wolfgang Rosenauer 2014-08-22 07:05:09 +00:00 committed by Git OBS Bridge
parent ce9f02cd08
commit 6e565211b3
4 changed files with 42 additions and 7 deletions

View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Thu Aug 21 07:50:57 UTC 2014 - meissner@suse.com
- mod_nss-cipherlist_update_for_tls12-doc.diff,
mod_nss-cipherlist_update_for_tls12.diff,
mod_nss.conf.in: Added more TLS 1.2 ciphers, the CBC with SHA256.
-------------------------------------------------------------------
Thu Jul 24 12:49:29 CEST 2014 - draht@suse.de

View File

@ -1,7 +1,7 @@
diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
--- ../mod_nss-1.0.8-o/docs/mod_nss.html 2014-02-18 16:30:19.000000000 +0100
+++ ./docs/mod_nss.html 2014-02-18 16:48:18.000000000 +0100
@@ -632,100 +632,121 @@
@@ -632,100 +632,135 @@
</td>
<td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
@ -53,11 +53,18 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
<td style="vertical-align: top;">SSLv3/TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
+ <tr>
+ <td style="vertical-align: top;">rsa_aes_128_sha256<br>
+ </td>
+ <td style="vertical-align: top;">TLS_RSA_WITH_AES_128_CBC_SHA256<br>
+ </td>
+ <td style="vertical-align: top;">TLSv1.2</td>
+ </tr>
+ <tr>
+ <td style="vertical-align: top;">rsa_aes_128_gcm_sha<br>
+ </td>
+ <td style="vertical-align: top;">TLS_RSA_WITH_AES_128_GCM_SHA256<br>
+ </td>
+ <td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td>
+ <td style="vertical-align: top;">TLSv1.2</td>
+ </tr>
+ <tr>
+ <td style="vertical-align: top;">rsa_camellia_128_sha<br>
@ -72,6 +79,13 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
+ <td style="vertical-align: top;">TLS_RSA_WITH_CAMELLIA_256_CBC_SHA<br>
+ </td>
+ <td style="vertical-align: top;">TLSv1.0/TLSv1.1/TLSv1.2</td>
+ </tr>
+ <tr>
+ <td style="vertical-align: top;">rsa_aes_256_sha256<br>
+ </td>
+ <td style="vertical-align: top;">TLS_RSA_WITH_AES_256_CBC_SHA256<br>
+ </td>
+ <td style="vertical-align: top;">TLSv1.2</td>
+ </tr>
</tbody>
</table>
@ -123,7 +137,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
<td>ecdhe_ecdsa_rc4_128_sha</td>
<td>TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</td>
<td>TLSv1.0/TLSv1.1/TLSv1.2</td>
@@ -773,100 +794,120 @@
@@ -773,100 +794,130 @@
<tr>
<td>echde_rsa_null</td>
<td>TLS_ECDHE_RSA_WITH_NULL_SHA</td>
@ -175,6 +189,16 @@ diff -rNU 50 ../mod_nss-1.0.8-o/docs/mod_nss.html ./docs/mod_nss.html
<td>TLSv1.0/TLSv1.1/TLSv1.2</td>
</tr>
+ <tr>
+ <td>ecdh_ecdsa_aes_128_sha256</td>
+ <td>TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256</td>
+ <td>TLSv1.2</td>
+ </tr>
+ <tr>
+ <td>ecdh_rsa_aes_128_sha256</td>
+ <td>TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256</td>
+ <td>TLSv1.2</td>
+ </tr>
+ <tr>
+ <td>ecdh_ecdsa_aes_128_gcm_sha</td>
+ <td>TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256</td>
+ <td>TLSv1.0/TLSv1.1/TLSv1.2</td>

View File

@ -53,10 +53,10 @@ diff -rNU 50 ../mod_nss-1.0.8-o/mod_nss.h ./mod_nss.h
/* the table itself is defined in nss_engine_init.c */
#ifdef NSS_ENABLE_ECC
-#define ciphernum 48
+#define ciphernum 55
+#define ciphernum 59
#else
-#define ciphernum 23
+#define ciphernum 26
+#define ciphernum 28
#endif
/*
@ -110,7 +110,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/mod_nss.h ./mod_nss.h
diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
--- ../mod_nss-1.0.8-o/nss_engine_init.c 2014-02-18 16:30:19.000000000 +0100
+++ ./nss_engine_init.c 2014-02-18 16:30:51.000000000 +0100
@@ -15,122 +15,130 @@
@@ -15,122 +15,134 @@
#include "mod_nss.h"
#include "apr_thread_proc.h"
@ -161,9 +161,11 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
{"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, 0, SSL3 | TLS},
/* AES ciphers.*/
{"rsa_aes_128_sha", TLS_RSA_WITH_AES_128_CBC_SHA, 0, SSL3 | TLS},
+ {"rsa_aes_128_sha256", TLS_RSA_WITH_AES_128_CBC_SHA256, 0, TLS},
+ {"rsa_aes_128_gcm_sha", TLS_RSA_WITH_AES_128_GCM_SHA256, 0, TLS},
+ {"rsa_camellia_128_sha", TLS_RSA_WITH_CAMELLIA_128_CBC_SHA, 0, TLS},
{"rsa_aes_256_sha", TLS_RSA_WITH_AES_256_CBC_SHA, 0, SSL3 | TLS},
+ {"rsa_aes_256_sha256", TLS_RSA_WITH_AES_256_CBC_SHA256, 0, TLS},
+ {"rsa_camellia_256_sha", TLS_RSA_WITH_CAMELLIA_256_CBC_SHA, 0, TLS},
+
#ifdef NSS_ENABLE_ECC
@ -178,6 +180,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
{"ecdhe_ecdsa_rc4_128_sha", TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, 0, TLS},
{"ecdhe_ecdsa_3des_sha", TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
{"ecdhe_ecdsa_aes_128_sha", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 0, TLS},
+ {"ecdhe_ecdsa_aes_128_sha256", TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, 0, TLS},
+ {"ecdhe_ecdsa_aes_128_gcm_sha", TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, 0, TLS},
{"ecdhe_ecdsa_aes_256_sha", TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, 0, TLS},
{"ecdh_rsa_null_sha", TLS_ECDH_RSA_WITH_NULL_SHA, 0, TLS},
@ -190,6 +193,7 @@ diff -rNU 50 ../mod_nss-1.0.8-o/nss_engine_init.c ./nss_engine_init.c
{"ecdhe_rsa_rc4_128_sha", TLS_ECDHE_RSA_WITH_RC4_128_SHA, 0, TLS},
{"ecdhe_rsa_3des_sha", TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, 0, TLS},
{"ecdhe_rsa_aes_128_sha", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, 0, TLS},
+ {"ecdhe_rsa_aes_128_sha256", TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, 0, TLS},
+ {"ecdhe_rsa_aes_128_gcm_sha", TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, 0, TLS},
{"ecdhe_rsa_aes_256_sha", TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, 0, TLS},
{"ecdh_anon_null_sha", TLS_ECDH_anon_WITH_NULL_SHA, 0, TLS},

View File

@ -216,7 +216,7 @@ NSSRequireSafeNegotiation off
# * no rc4, no 3des, no des
# * ephemeral is what you want (PFS).
# * EC has precedence over RSA
NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha
NSSCipherSuite +ecdhe_ecdsa_aes_128_gcm_sha,+ecdh_ecdsa_aes_128_gcm_sha,+ecdhe_rsa_aes_256_sha,+ecdh_rsa_aes_256_sha,+ecdhe_rsa_aes_128_gcm_sha,+ecdh_rsa_aes_128_gcm_sha,+ecdhe_rsa_aes_128_sha,+ecdh_rsa_aes_128_sha,+rsa_aes_128_gcm_sha,+rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_aes_128_sha256,+ecdhe_rsa_aes_256_sha256,+rsa_aes_256_sha256,+ecdhe_rsa_aes_256_sha256
# SSL Protocol:
# Cryptographic protocols that provide communication security.