
Commit bb63838

committed
Use different default ciphers when using NSS
1 parent 2716d14 commit bb63838

1 file changed

Lines changed: 9 additions & 2 deletions


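--- a/test/rules/src/https_everywhere_checker/http_client.py
+++ b/test/rules/src/https_everywhere_checker/http_client.py
@@ -44,6 +44,14 @@ def getCAPath(self, platform):
 
 class FetchOptions(object):
 """HTTP fetcher options like timeouts."""
+
+# NSS cipher list from https://github.com/EFForg/https-everywhere/issues/5628#issuecomment-236050924
+_DEFAULT_CIPHERLIST_NSS = "rsa_3des_sha,rsa_des_sha,rsa_null_md5,rsa_null_sha,rsa_rc2_40_md5,rsa_rc4_128_md5,rsa_rc4_128_sha,rsa_rc4_40_md5,fips_des_sha,fips_3des_sha,rsa_des_56_sha,rsa_rc4_56_sha,rsa_aes_128_sha,rsa_aes_256_sha,rsa_aes_128_gcm_sha_256,dhe_rsa_aes_128_gcm_sha_256,ecdh_ecdsa_null_sha,ecdh_ecdsa_rc4_128_sha,ecdh_ecdsa_3des_sha,ecdh_ecdsa_aes_128_sha,ecdh_ecdsa_aes_256_sha,ecdhe_ecdsa_null_sha,ecdhe_ecdsa_rc4_128_sha,ecdhe_ecdsa_3des_sha,ecdhe_ecdsa_aes_128_sha,ecdhe_ecdsa_aes_256_sha,ecdh_rsa_null_sha,ecdh_rsa_128_sha,ecdh_rsa_3des_sha,ecdh_rsa_aes_128_sha,ecdh_rsa_aes_256_sha,echde_rsa_null,ecdhe_rsa_rc4_128_sha,ecdhe_rsa_3des_sha,ecdhe_rsa_aes_128_sha,ecdhe_rsa_aes_256_sha,ecdhe_ecdsa_aes_128_gcm_sha_256,ecdhe_rsa_aes_128_gcm_sha_256"
+
+# The default list of cipher suites that ships with Firefox 35.0.1
+_DEFAULT_CIPHERLIST_OTHER = "RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
+
+_DEFAULT_CIPHERLIST = _DEFAULT_CIPHERLIST_NSS if re.search('NSS/\d+\.\d+', pycurl.version) else _DEFAULT_CIPHERLIST_OTHER
 
 def __init__(self, config):
 """Parse options from [http] section
@@ -58,8 +66,7 @@ def __init__(self, config):
 self.sslVersion = pycurl.SSLVERSION_DEFAULT
 self.useSubprocess = True
 self.staticCAPath = None
-# The default list of cipher suites that ships with Firefox 35.0.1
-self.cipherList = "RC4-MD5:RC4-SHA:DES-CBC3-SHA:AES128-SHA:AES256-SHA:DHE-DSS-AES128-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-RC4-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256"
+self.cipherList = self._DEFAULT_CIPHERLIST
 
 if config.has_option("http", "user_agent"):
 self.userAgent = config.get("http", "user_agent")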
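Review bot: The new `_DEFAULT_CIPHERLIST_NSS` enables NULL-encryption suites (`rsa_null_md5`, `rsa_null_sha`, `ecdh_ecdsa_null_sha`, `ecdhe_ecdsa_null_sha`, `ecdh_rsa_null_sha`, `echde_rsa_null`) as well as 40/56-bit and single-DES suites (`rsa_rc2_40_md5`, `rsa_rc4_40_md5`, `rsa_des_sha`, `fips_des_sha`, `rsa_des_56_sha`, `rsa_rc4_56_sha`), none of which has a counterpart in the Firefox-derived `_DEFAULT_CIPHERLIST_OTHER`. If the NSS backend honours the list as written, a rule check could pass over a connection with no or trivially breakable encryption, and the checker's verdict would depend on which TLS library pycurl was built against. I would remove those entries from the string so both defaults describe the same browser-like set, or, if they are intentional, say why in the comment above the constant. Separately, the pattern in `re.search('NSS/\d+\.\d+', pycurl.version)` should be a raw string, `r'NSS/\d+\.\d+'`, and it relies on `re` being imported at the top of the file, which is outside this hunk, as is the rest of the `FetchOptions` body.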
