Bug 1168635 - Extend nsITLSServerSocket to customize cipher suites. r=keeler

This commit is contained in:
Masatoshi Kimura 2015-10-15 05:48:26 +09:00
parent 02250fd562
commit b53489bfe5
2 changed files with 35 additions and 1 deletions

View File

@ -222,6 +222,31 @@ TLSServerSocket::SetRequestClientCertificate(uint32_t aMode)
return NS_OK;
}
NS_IMETHODIMP
TLSServerSocket::SetCipherSuites(uint16_t* aCipherSuites, uint32_t aLength)
{
// If AsyncListen was already called (and set mListener), it's too late to set
// this.
if (NS_WARN_IF(mListener)) {
return NS_ERROR_IN_PROGRESS;
}
for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i) {
uint16_t cipher_id = SSL_ImplementedCiphers[i];
if (SSL_CipherPrefSet(mFD, cipher_id, false) != SECSuccess) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
}
for (uint32_t i = 0; i < aLength; ++i) {
if (SSL_CipherPrefSet(mFD, aCipherSuites[i], true) != SECSuccess) {
return mozilla::psm::GetXPCOMFromNSSError(PR_GetError());
}
}
return NS_OK;
}
//-----------------------------------------------------------------------------
// TLSServerConnectionInfo
//-----------------------------------------------------------------------------

View File

@ -8,7 +8,7 @@ interface nsIX509Cert;
interface nsITLSServerSecurityObserver;
interface nsISocketTransport;
[scriptable, uuid(2e025b6c-96ba-4781-85fb-d1cf1a653207)]
[scriptable, uuid(cc2c30f9-cfaa-4b8a-bd44-c24881981b74)]
interface nsITLSServerSocket : nsIServerSocket
{
/**
@ -60,6 +60,15 @@ interface nsITLSServerSocket : nsIServerSocket
* change the default.
*/
void setRequestClientCertificate(in unsigned long aRequestClientCert);
/**
* setCipherSuites
*
* The server's cipher suites that is used by the TLS handshake.
* This is required to be set before calling |asyncListen|.
*/
void setCipherSuites([array, size_is(aLength)] in unsigned short aCipherSuites,
in unsigned long aLength);
};
/**