Date: Wed, 15 Oct 2014 02:24:40 GMT From: svn-freebsd-gecko@chruetertee.ch To: freebsd-gecko@freebsd.org Subject: [SVN-Commit] r1731 - branches/firefox33/mail/thunderbird/files branches/firefox33/www/firefox-esr/files branches/firefox33/www/firefox-nightly/files branches/firefox33/www/firefox/files branches/firefox33/www/libxul/files branches/firefox33/www/seamonkey/files trunk/mail/thunderbird/files trunk/www/firefox-esr/files trunk/www/firefox-nightly/files trunk/www/firefox/files trunk/www/libxul/files trunk/www/seamonkey/files Message-ID: <201410150224.s9F2OemT092255@trillian.chruetertee.ch>
next in thread | raw e-mail | index | archive | help
Author: jbeich Date: Wed Oct 15 02:24:39 2014 New Revision: 1731 Log: apply poodle fix to avoid waiting for release channels Reported by: des Added: branches/firefox33/mail/thunderbird/files/patch-bug1076983 branches/firefox33/www/firefox-esr/files/patch-bug1076983 branches/firefox33/www/firefox-nightly/files/patch-bug1076983 branches/firefox33/www/firefox/files/patch-bug1076983 branches/firefox33/www/libxul/files/patch-bug1076983 branches/firefox33/www/seamonkey/files/patch-bug1076983 trunk/mail/thunderbird/files/patch-bug1076983 trunk/www/firefox-esr/files/patch-bug1076983 trunk/www/firefox-nightly/files/patch-bug1076983 trunk/www/firefox/files/patch-bug1076983 trunk/www/libxul/files/patch-bug1076983 trunk/www/seamonkey/files/patch-bug1076983 Added: branches/firefox33/mail/thunderbird/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/mail/thunderbird/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- mozilla/netwerk/base/public/security-prefs.js ++++ mozilla/netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp ++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: branches/firefox33/www/firefox-esr/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/www/firefox-esr/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: branches/firefox33/www/firefox-nightly/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/www/firefox-nightly/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: branches/firefox33/www/firefox/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/www/firefox/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: branches/firefox33/www/libxul/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/www/libxul/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: branches/firefox33/www/seamonkey/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ branches/firefox33/www/seamonkey/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- mozilla/netwerk/base/public/security-prefs.js ++++ mozilla/netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp ++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: trunk/mail/thunderbird/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/mail/thunderbird/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- mozilla/netwerk/base/public/security-prefs.js ++++ mozilla/netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp ++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: trunk/www/firefox-esr/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/firefox-esr/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: trunk/www/firefox-nightly/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/firefox-nightly/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: trunk/www/firefox/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/firefox/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: trunk/www/libxul/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/libxul/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- netwerk/base/public/security-prefs.js ++++ netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- security/manager/ssl/src/nsNSSComponent.cpp ++++ security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min", Added: trunk/www/seamonkey/files/patch-bug1076983 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ trunk/www/seamonkey/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731) @@ -0,0 +1,45 @@ +commit e10ee74 +Author: Martin Thomson <martin.thomson@gmail.com> +Date: Tue Oct 14 17:17:35 2014 -0700 + + Bug 1076983 - Disabling SSL 3.0 with pref +--- + netwerk/base/public/security-prefs.js | 2 +- + security/manager/ssl/src/nsNSSComponent.cpp | 7 +++---- + 2 files changed, 4 insertions(+), 5 deletions(-) + +diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js +index 352552e..c12731b 100644 +--- mozilla/netwerk/base/public/security-prefs.js ++++ mozilla/netwerk/base/public/security-prefs.js +@@ -2,7 +2,7 @@ + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +-pref("security.tls.version.min", 0); ++pref("security.tls.version.min", 1); + pref("security.tls.version.max", 3); + + pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false); +diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp +index 8cab67b..772959d 100644 +--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp ++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp +@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting, + mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode); + } + +-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min +-// version) and TLS 1.2 (max version) when the prefs aren't set or set to +-// invalid values. ++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and ++// TLS 1.2 (max) when the prefs aren't set or set to invalid values. + nsresult + nsNSSComponent::setEnabledTLSVersions() + { + // keep these values in sync with security-prefs.js +- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0; ++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1; + static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3; + + int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201410150224.s9F2OemT092255>