Rietveld Code Review Tool
Help | Bug tracker | Discussion group | Source code | Sign in
(1579)

Unified Diff: cmd/tstclnt/tstclnt.c

Issue 290970043: Bug 1252849 - Remove export-grade cipher suites
Patch Set: Initialize keyData[] and random[] to zero Created 8 years ago
Use n/p to move between diff chunks; N/P to move between comments. Please Sign in to add in-line comments.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « cmd/strsclnt/strsclnt.c ('k') | cmd/vfyserv/vfyutil.c » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: cmd/tstclnt/tstclnt.c
diff --git a/cmd/tstclnt/tstclnt.c b/cmd/tstclnt/tstclnt.c
index a5930b889f6e193f6265ada0954d775d87fd0dfb..ef8926c2c9f97581365d2f37d36755dc27578408 100644
--- a/cmd/tstclnt/tstclnt.c
+++ b/cmd/tstclnt/tstclnt.c
@@ -62,14 +62,14 @@ int ssl3CipherSuites[] = {
TLS_RSA_WITH_RC4_128_MD5, /* c */
TLS_RSA_WITH_3DES_EDE_CBC_SHA, /* d */
TLS_RSA_WITH_DES_CBC_SHA, /* e */
- TLS_RSA_EXPORT_WITH_RC4_40_MD5, /* f */
- TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, /* g */
+ -1, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5, * f */
+ -1, /* TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5, * g */
-1, /* SSL_FORTEZZA_DMS_WITH_NULL_SHA, * h */
TLS_RSA_WITH_NULL_MD5, /* i */
SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, /* j */
SSL_RSA_FIPS_WITH_DES_CBC_SHA, /* k */
- TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, /* l */
- TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, /* m */
+ -1, /* TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA, * l */
+ -1, /* TLS_RSA_EXPORT1024_WITH_RC4_56_SHA, * m */
TLS_RSA_WITH_RC4_128_SHA, /* n */
TLS_DHE_DSS_WITH_RC4_128_SHA, /* o */
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA, /* p */
@@ -220,7 +220,6 @@ static void PrintParameterUsage(void)
fprintf(stderr, "%-20s Override bad server cert. Make it OK.\n", "-o");
fprintf(stderr, "%-20s Disable SSL socket locking.\n", "-s");
fprintf(stderr, "%-20s Verbose progress reporting.\n", "-v");
- fprintf(stderr, "%-20s Use export policy.\n", "-x");
fprintf(stderr, "%-20s Ping the server and then exit.\n", "-q");
fprintf(stderr, "%-20s Timeout for server ping (default: no timeout).\n", "-t seconds");
fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "-r N");
@@ -266,13 +265,9 @@ static void PrintCipherUsage(const char *progName)
"c SSL3 RSA WITH RC4 128 MD5\n"
"d SSL3 RSA WITH 3DES EDE CBC SHA\n"
"e SSL3 RSA WITH DES CBC SHA\n"
-"f SSL3 RSA EXPORT WITH RC4 40 MD5\n"
-"g SSL3 RSA EXPORT WITH RC2 CBC 40 MD5\n"
"i SSL3 RSA WITH NULL MD5\n"
"j SSL3 RSA FIPS WITH 3DES EDE CBC SHA\n"
"k SSL3 RSA FIPS WITH DES CBC SHA\n"
-"l SSL3 RSA EXPORT WITH DES CBC SHA\t(new)\n"
-"m SSL3 RSA EXPORT WITH RC4 56 SHA\t(new)\n"
"n SSL3 RSA WITH RC4 128 SHA\n"
"o SSL3 DHE DSS WITH RC4 128 SHA\n"
"p SSL3 DHE RSA WITH 3DES EDE CBC SHA\n"
@@ -905,7 +900,6 @@ int main(int argc, char **argv)
SSLVersionRange enabledVersions;
int bypassPKCS11 = 0;
int disableLocking = 0;
- int useExportPolicy = 0;
int enableSessionTickets = 0;
int enableCompression = 0;
int enableFalseStart = 0;
@@ -961,7 +955,7 @@ int main(int argc, char **argv)
SSL_VersionRangeGetSupported(ssl_variant_stream, &enabledVersions);
optstate = PL_CreateOptState(argc, argv,
- "46BCDFGKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:xz");
+ "46BCDFGKM:OR:STUV:W:Ya:bc:d:fgh:m:n:op:qr:st:uvw:z");
while ((optstatus = PL_GetNextOpt(optstate)) == PL_OPT_OK) {
switch (optstate->option) {
case '?':
@@ -1079,8 +1073,6 @@ int main(int argc, char **argv)
pwdata.data = PORT_Strdup(optstate->value);
break;
- case 'x': useExportPolicy = 1; break;
-
case 'z': enableCompression = 1; break;
}
}
@@ -1225,12 +1217,6 @@ int main(int argc, char **argv)
SECMOD_AddNewModule("Builtins", rootModule, 0, 0);
}
- /* set the policy bits true for all the cipher suites. */
- if (useExportPolicy)
- NSS_SetExportPolicy();
- else
- NSS_SetDomesticPolicy();
-
/* all SSL3 cipher suites are enabled by default. */
if (cipherString) {
/* disable all the ciphers, then enable the ones we want. */
« no previous file with comments | « cmd/strsclnt/strsclnt.c ('k') | cmd/vfyserv/vfyutil.c » ('j') | no next file with comments »

Powered by Google App Engine
RSS Feeds Recent Issues | This issue
This is Rietveld f62528b