[SVN-Commit] r1731 - branches/firefox33/mail/thunderbird/files branches/firefox33/www/firefox-esr/files branches/firefox33/www/firefox-nightly/files branches/firefox33/www/firefox/files branches/firefox33/www/libxul/files branches/firefox33/www/seamonkey/files trunk/mail/thunderbird/files trunk/www/firefox-esr/files trunk/www/firefox-nightly/files trunk/www/firefox/files trunk/www/libxul/files trunk/www/seamonkey/files
svn-freebsd-gecko at chruetertee.ch
svn-freebsd-gecko at chruetertee.ch
Wed Oct 15 02:24:48 UTC 2014
Author: jbeich
Date: Wed Oct 15 02:24:39 2014
New Revision: 1731
Log:
apply poodle fix to avoid waiting for release channels
Reported by: des
Added:
branches/firefox33/mail/thunderbird/files/patch-bug1076983
branches/firefox33/www/firefox-esr/files/patch-bug1076983
branches/firefox33/www/firefox-nightly/files/patch-bug1076983
branches/firefox33/www/firefox/files/patch-bug1076983
branches/firefox33/www/libxul/files/patch-bug1076983
branches/firefox33/www/seamonkey/files/patch-bug1076983
trunk/mail/thunderbird/files/patch-bug1076983
trunk/www/firefox-esr/files/patch-bug1076983
trunk/www/firefox-nightly/files/patch-bug1076983
trunk/www/firefox/files/patch-bug1076983
trunk/www/libxul/files/patch-bug1076983
trunk/www/seamonkey/files/patch-bug1076983
Added: branches/firefox33/mail/thunderbird/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/firefox33/mail/thunderbird/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- mozilla/netwerk/base/public/security-prefs.js
++++ mozilla/netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp
++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: branches/firefox33/www/firefox-esr/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/firefox33/www/firefox-esr/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: branches/firefox33/www/firefox-nightly/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/firefox33/www/firefox-nightly/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: branches/firefox33/www/firefox/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/firefox33/www/firefox/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: branches/firefox33/www/libxul/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/firefox33/www/libxul/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: branches/firefox33/www/seamonkey/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ branches/firefox33/www/seamonkey/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- mozilla/netwerk/base/public/security-prefs.js
++++ mozilla/netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp
++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: trunk/mail/thunderbird/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/mail/thunderbird/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- mozilla/netwerk/base/public/security-prefs.js
++++ mozilla/netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp
++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: trunk/www/firefox-esr/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/www/firefox-esr/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: trunk/www/firefox-nightly/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/www/firefox-nightly/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: trunk/www/firefox/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/www/firefox/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: trunk/www/libxul/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/www/libxul/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- netwerk/base/public/security-prefs.js
++++ netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- security/manager/ssl/src/nsNSSComponent.cpp
++++ security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
Added: trunk/www/seamonkey/files/patch-bug1076983
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ trunk/www/seamonkey/files/patch-bug1076983 Wed Oct 15 02:24:39 2014 (r1731)
@@ -0,0 +1,45 @@
+commit e10ee74
+Author: Martin Thomson <martin.thomson at gmail.com>
+Date: Tue Oct 14 17:17:35 2014 -0700
+
+ Bug 1076983 - Disabling SSL 3.0 with pref
+---
+ netwerk/base/public/security-prefs.js | 2 +-
+ security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
+ 2 files changed, 4 insertions(+), 5 deletions(-)
+
+diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
+index 352552e..c12731b 100644
+--- mozilla/netwerk/base/public/security-prefs.js
++++ mozilla/netwerk/base/public/security-prefs.js
+@@ -2,7 +2,7 @@
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+-pref("security.tls.version.min", 0);
++pref("security.tls.version.min", 1);
+ pref("security.tls.version.max", 3);
+
+ pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
+diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
+index 8cab67b..772959d 100644
+--- mozilla/security/manager/ssl/src/nsNSSComponent.cpp
++++ mozilla/security/manager/ssl/src/nsNSSComponent.cpp
+@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
+ mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
+ }
+
+-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
+-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
+-// invalid values.
++// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
++// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
+ nsresult
+ nsNSSComponent::setEnabledTLSVersions()
+ {
+ // keep these values in sync with security-prefs.js
+- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
++ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
+ static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
+
+ int32_t minVersion = Preferences::GetInt("security.tls.version.min",
More information about the freebsd-gecko
mailing list