Overview

File update-ciphers.patch of Package apache2-mod_nss.463

Index: mod_nss-1.0.8/nss_engine_init.c
===================================================================
--- mod_nss-1.0.8.orig/nss_engine_init.c	2015-09-07 09:56:54.148244174 +0200
+++ mod_nss-1.0.8/nss_engine_init.c	2015-09-07 09:58:19.368215557 +0200
@@ -36,15 +36,11 @@ PRInt32 ownSSLSNISocketConfig(PRFileDesc
  */
 char* INTERNAL_TOKEN_NAME = "internal                         ";
 
+/* When adding or removing ciphers from this table,
+   remember to adjust the ciphernum constant in mod_nss.h
+*/
 cipher_properties ciphers_def[ciphernum] =
 {
-    /* SSL2 cipher suites */
-    {"rc4", SSL_EN_RC4_128_WITH_MD5, 0, SSL2},
-    {"rc4export", SSL_EN_RC4_128_EXPORT40_WITH_MD5, 0, SSL2},
-    {"rc2", SSL_EN_RC2_128_CBC_WITH_MD5, 0, SSL2},
-    {"rc2export", SSL_EN_RC2_128_CBC_EXPORT40_WITH_MD5, 0, SSL2},
-    {"des", SSL_EN_DES_64_CBC_WITH_MD5, 0, SSL2},
-    {"desede3", SSL_EN_DES_192_EDE3_CBC_WITH_MD5, 0, SSL2},
     /* SSL3/TLS cipher suites */
     {"rsa_rc4_128_md5", SSL_RSA_WITH_RC4_128_MD5, 0, SSL3 | TLS},
     {"rsa_rc4_128_sha", SSL_RSA_WITH_RC4_128_SHA, 0, SSL3 | TLS},
@@ -56,9 +52,6 @@ cipher_properties ciphers_def[ciphernum]
     {"rsa_null_sha", SSL_RSA_WITH_NULL_SHA, 0, SSL3 | TLS},
     {"fips_3des_sha", SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, 0, SSL3 | TLS},
     {"fips_des_sha", SSL_RSA_FIPS_WITH_DES_CBC_SHA, 0, SSL3 | TLS},
-    {"fortezza", SSL_FORTEZZA_DMS_WITH_FORTEZZA_CBC_SHA, 1, SSL3 | TLS},
-    {"fortezza_rc4_128_sha", SSL_FORTEZZA_DMS_WITH_RC4_128_SHA, 1, SSL3 | TLS},
-    {"fortezza_null", SSL_FORTEZZA_DMS_WITH_NULL_SHA, 1, SSL3 | TLS},
     /* TLS 1.0: Exportable 56-bit Cipher Suites. */
     {"rsa_des_56_sha", TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, 0, SSL3 | TLS},
     {"rsa_rc4_56_sha", TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, 0, SSL3 | TLS},
Index: mod_nss-1.0.8/mod_nss.h
===================================================================
--- mod_nss-1.0.8.orig/mod_nss.h	2015-09-07 09:56:54.148244174 +0200
+++ mod_nss-1.0.8/mod_nss.h	2015-09-07 09:56:56.396269772 +0200
@@ -380,9 +380,9 @@ enum sslversion { SSL2=1, SSL3=2, TLS=4}
 
 /* the table itself is defined in nss_engine_init.c */
 #ifdef NSS_ENABLE_ECC
-#define ciphernum 59
+#define ciphernum 50
 #else
-#define ciphernum 28
+#define ciphernum 19
 #endif
 
 /*
Index: mod_nss-1.0.8/nss.conf.in
===================================================================
--- mod_nss-1.0.8.orig/nss.conf.in	2015-09-07 09:56:54.139244072 +0200
+++ mod_nss-1.0.8/nss.conf.in	2015-09-07 09:56:54.156244265 +0200
@@ -90,13 +90,13 @@ NSSEngine on
 #   See the mod_nss documentation for a complete list.
 
 # SSL 3 ciphers. SSL 2 is disabled by default.
-NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
+NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha
 
 # SSL 3 ciphers + ECC ciphers. SSL 2 is disabled by default.
 #
 # Comment out the NSSCipherSuite line above and use the one below if you have
 # ECC enabled NSS and mod_nss and want to use Elliptical Curve Cryptography
-#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-fortezza,-fortezza_rc4_128_sha,-fortezza_null,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
+#NSSCipherSuite +rsa_rc4_128_md5,+rsa_rc4_128_sha,+rsa_3des_sha,-rsa_des_sha,-rsa_rc4_40_md5,-rsa_rc2_40_md5,-rsa_null_md5,-rsa_null_sha,+fips_3des_sha,-fips_des_sha,-rsa_des_56_sha,-rsa_rc4_56_sha,+rsa_aes_128_sha,+rsa_aes_256_sha,-ecdh_ecdsa_null_sha,+ecdh_ecdsa_rc4_128_sha,+ecdh_ecdsa_3des_sha,+ecdh_ecdsa_aes_128_sha,+ecdh_ecdsa_aes_256_sha,-ecdhe_ecdsa_null_sha,+ecdhe_ecdsa_rc4_128_sha,+ecdhe_ecdsa_3des_sha,+ecdhe_ecdsa_aes_128_sha,+ecdhe_ecdsa_aes_256_sha,-ecdh_rsa_null_sha,+ecdh_rsa_128_sha,+ecdh_rsa_3des_sha,+ecdh_rsa_aes_128_sha,+ecdh_rsa_aes_256_sha,-echde_rsa_null,+ecdhe_rsa_rc4_128_sha,+ecdhe_rsa_3des_sha,+ecdhe_rsa_aes_128_sha,+ecdhe_rsa_aes_256_sha
 
 NSSProtocol TLSv1.0,TLSv1.1,TLSv1.2
openSUSE Build Service is sponsored by
Places