1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
|
commit e10ee74
Author: Martin Thomson <martin.thomson@gmail.com>
Date: Tue Oct 14 17:17:35 2014 -0700
Bug 1076983 - Disabling SSL 3.0 with pref
---
netwerk/base/public/security-prefs.js | 2 +-
security/manager/ssl/src/nsNSSComponent.cpp | 7 +++----
2 files changed, 4 insertions(+), 5 deletions(-)
diff --git netwerk/base/public/security-prefs.js netwerk/base/public/security-prefs.js
index 352552e..c12731b 100644
--- netwerk/base/public/security-prefs.js
+++ netwerk/base/public/security-prefs.js
@@ -2,7 +2,7 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-pref("security.tls.version.min", 0);
+pref("security.tls.version.min", 1);
pref("security.tls.version.max", 3);
pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
diff --git security/manager/ssl/src/nsNSSComponent.cpp security/manager/ssl/src/nsNSSComponent.cpp
index 8cab67b..772959d 100644
--- security/manager/ssl/src/nsNSSComponent.cpp
+++ security/manager/ssl/src/nsNSSComponent.cpp
@@ -829,14 +829,13 @@ void nsNSSComponent::setValidationOptions(bool isInitialSetting,
mDefaultCertVerifier = new SharedCertVerifier(odc, osc, ogc, pinningMode);
}
-// Enable the TLS versions given in the prefs, defaulting to SSL 3.0 (min
-// version) and TLS 1.2 (max version) when the prefs aren't set or set to
-// invalid values.
+// Enable the TLS versions given in the prefs, defaulting to TLS 1.0 (min) and
+// TLS 1.2 (max) when the prefs aren't set or set to invalid values.
nsresult
nsNSSComponent::setEnabledTLSVersions()
{
// keep these values in sync with security-prefs.js
- static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 0;
+ static const int32_t PSM_DEFAULT_MIN_TLS_VERSION = 1;
static const int32_t PSM_DEFAULT_MAX_TLS_VERSION = 3;
int32_t minVersion = Preferences::GetInt("security.tls.version.min",
|
