author | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-26 00:02:29 +0000 |
---|---|---|
committer | cfu <cfu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b> | 2011-08-26 00:02:29 +0000 |
commit | 4f6928cc0493ede41e90b6fa4e1cde570bd17336 (patch) | |
tree | f73d03580d02af6455a388366474cdc98c4e0819 /pki/base/native-tools | |
parent | e90d291d9a737369587711eb6a879d700a3c5d7b (diff) | |
Bugzilla 730146 - SSL handshake picks non-FIPS ciphers in FIPS mode
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@2180 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
Diffstat (limited to 'pki/base/native-tools')
-rw-r--r-- | pki/base/native-tools/src/sslget/sslget.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/pki/base/native-tools/src/sslget/sslget.c b/pki/base/native-tools/src/sslget/sslget.c
index f08b4cd93..5f4d448d7 100644
--- a/pki/base/native-tools/src/sslget/sslget.c
+++ b/pki/base/native-tools/src/sslget/sslget.c
@@ -521,7 +521,23 @@ client_main(
 NSS_SetDomesticPolicy();
 /* all the SSL2 and SSL3 cipher suites are enabled by default. */
+
+ /* enable FIPS ciphers */
+ SSL_CipherPrefSetDefault(0xc004 /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0xc003 /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */, PR_TRUE);
 SSL_CipherPrefSetDefault(0xC005 /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0xc00a /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0x2f /* TLS_RSA_WITH_AES_128_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0x35 /* TLS_RSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0xc008 /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0xc009 /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0xc012 /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0xc013 /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0xc014 /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0x32 /* TLS_DHE_DSS_WITH_AES_128_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0x38 /* TLS_DHE_DSS_WITH_AES_256_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0x33 /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */, PR_TRUE);
+ SSL_CipherPrefSetDefault(0x39 /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */, PR_TRUE);
 /*
 * Rifle through the values for the host |
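Review bot: The added block only switches suites on, so the non-FIPS suites that the context line `NSS_SetDomesticPolicy();` leaves enabled remain enabled as defaults; whether one of them can still be selected in FIPS mode then depends on NSS itself or on code outside this hunk. If the intent is that a FIPS-mode client negotiates approved suites only, clear the defaults first when `PK11_IsFIPS()` is true, e.g. `for (i = 0; i < SSL_NumImplementedCiphers; i++) SSL_CipherPrefSetDefault(SSL_ImplementedCiphers[i], PR_FALSE);`, and then enable the list. Each `SSL_CipherPrefSetDefault` call also discards its `SECStatus`, so a suite the NSS build does not implement is skipped silently; checking for `SECSuccess` and logging the failure would make that visible. The named constants from `sslproto.h` (the names already written in the comments) would be easier to audit than the mixed-case hex literals. `client_main` starts and ends outside the hunk.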