Upgrade cipher variants to include at least SHA-384 #480

Closed
classilla opened this issue Feb 22, 2018 · 9 comments
Comments

@classilla (Owner)

NSS should support this once it is taught what the ciphers actually are. We can get this from ESR52 as a down payment towards a full NSS update in the near future. In particular, from security/nss/lib/ssl/sslproto.h,

#define TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 0xC023
#define TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 0xC024
#define TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256   0xC027
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384   0xC028

#define TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 0xC02B
#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C
#define TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256  0xC02D
#define TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256   0xC02F
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384   0xC030
#define TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256    0xC031
@classilla (Owner, Author)

classilla commented Feb 22, 2018

We should start with TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 and once that is working, consider adding the other variants.

@classilla (Owner, Author)

classilla commented Feb 22, 2018

esr52% grep -r TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 *
media/mtransport/transportlayerdtls.cpp:  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/manager/ssl/nsNSSCallbacks.cpp:    case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: value = 13; break;
security/manager/ssl/nsNSSComponent.cpp:   TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, true },
security/nss/gtests/ssl_gtest/ssl_ciphersuite_unittest.cc:                          TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/nss/lib/ssl/ssl3con.c: { TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
security/nss/lib/ssl/ssl3con.c:    {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384},
security/nss/lib/ssl/ssl3con.c:        case TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384:
security/nss/lib/ssl/ssl3ecc.c:    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/nss/lib/ssl/sslenum.c:    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
security/nss/lib/ssl/sslproto.h:#define TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 0xC02C

@classilla (Owner, Author)

We also need

esr52/security/% grep -r cipher_aes_256_gcm *
nss/lib/ssl/ssl3con.c:    {cipher_aes_256_gcm,  calg_aes_gcm,  32,32, type_aead,   4, 0,16, 8,
nss/lib/ssl/ssl3con.c:    {TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_rsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_ecdsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_ecdhe_rsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_dhe_dss, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_rsa, ssl_hash_sha384},
nss/lib/ssl/ssl3con.c:    {TLS_AES_256_GCM_SHA384, cipher_aes_256_gcm, mac_aead, kea_tls13_any, ssl_hash_sha384},
nss/lib/ssl/sslimpl.h:    cipher_aes_256_gcm,

@classilla (Owner, Author)

classilla commented Feb 22, 2018

tenfourfox/security/% grep -r SEC_OID_AES_256 *
nss/lib/smime/smimeutil.c:    { SMIME_AES_CBC_256,      SEC_OID_AES_256_CBC,   NULL,            PR_TRUE, PR_TRUE }
nss/lib/smime/smimeutil.c:    case SEC_OID_AES_256_CBC:
nss/lib/softoken/lowpbe.c:    case SEC_OID_AES_256_CBC:
nss/lib/util/secoid.c:    OD( aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD( aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_ECB  = 187,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_CBC  = 188,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_KEY_WRAP     = 199,
esr52/security/% grep -r SEC_OID_AES_256 *
nss/lib/pk11wrap/pk11pars.c:    { CIPHER_NAME("AES256-CBC"), SEC_OID_AES_256_CBC, NSS_USE_ALG_IN_SSL },
nss/lib/pk11wrap/pk11pars.c:    { CIPHER_NAME("AES256-GCM"), SEC_OID_AES_256_GCM, NSS_USE_ALG_IN_SSL },
nss/lib/smime/smimeutil.c:    { SMIME_AES_CBC_256, SEC_OID_AES_256_CBC, NULL, PR_TRUE, PR_TRUE }
nss/lib/smime/smimeutil.c:        case SEC_OID_AES_256_CBC:
nss/lib/softoken/lowpbe.c:        case SEC_OID_AES_256_CBC:
nss/lib/ssl/ssl3con.c:     SEC_OID_AES_256_CBC, "AES-256", MR_128},
nss/lib/ssl/ssl3con.c:     SEC_OID_AES_256_GCM, "AES-256-GCM", MR_128},
nss/lib/util/secoid.c:    OD(aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD(aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD(aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
nss/lib/util/secoid.c:    OD(aes256_GCM, SEC_OID_AES_256_GCM,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_ECB = 187,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_CBC = 188,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_KEY_WRAP = 199,
nss/lib/util/secoidt.h:    SEC_OID_AES_256_GCM = 320,

@classilla (Owner, Author)

tenfourfox/security/% grep -r aes256_ *
nss/lib/smime/smimeutil.c:    int aes256_mapi;
nss/lib/smime/smimeutil.c:    aes256_mapi = smime_mapi_by_cipher(SMIME_AES_CBC_256);
nss/lib/smime/smimeutil.c:                  cipher_abilities[aes256_mapi]++;
nss/lib/smime/smimeutil.c:                  cipher_votes[aes256_mapi] += pref;
nss/lib/util/secoid.c:CONST_OID aes256_ECB[]                            = { AES, 41 };
nss/lib/util/secoid.c:CONST_OID aes256_CBC[]                            = { AES, 42 };
nss/lib/util/secoid.c:CONST_OID aes256_OFB[]                            = { AES, 43 };
nss/lib/util/secoid.c:CONST_OID aes256_CFB[]                            = { AES, 44 };
nss/lib/util/secoid.c:CONST_OID aes256_KEY_WRAP[]                       = { AES, 45 };
nss/lib/util/secoid.c:    OD( aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD( aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD( aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,
esr52/security/% grep -r aes256_ *
nss/lib/smime/smimeutil.c:    int aes256_mapi;
nss/lib/smime/smimeutil.c:    aes256_mapi = smime_mapi_by_cipher(SMIME_AES_CBC_256);
nss/lib/smime/smimeutil.c:                    cipher_abilities[aes256_mapi]++;
nss/lib/smime/smimeutil.c:                    cipher_votes[aes256_mapi] += pref;
nss/lib/util/secoid.c:CONST_OID aes256_GCM[] = { AES, 0x2e };
nss/lib/util/secoid.c:CONST_OID aes256_ECB[] = { AES, 41 };
nss/lib/util/secoid.c:CONST_OID aes256_CBC[] = { AES, 42 };
nss/lib/util/secoid.c:CONST_OID aes256_OFB[] = { AES, 43 };
nss/lib/util/secoid.c:CONST_OID aes256_CFB[] = { AES, 44 };
nss/lib/util/secoid.c:CONST_OID aes256_KEY_WRAP[] = { AES, 45 };
nss/lib/util/secoid.c:    OD(aes256_ECB, SEC_OID_AES_256_ECB,
nss/lib/util/secoid.c:    OD(aes256_CBC, SEC_OID_AES_256_CBC,
nss/lib/util/secoid.c:    OD(aes256_KEY_WRAP, SEC_OID_AES_256_KEY_WRAP,

@classilla changed the title from "Upgrade cipher variants to include at least SHA-384 and at least one AEAD" to "Upgrade cipher variants to include at least SHA-384" on Feb 23, 2018

@classilla (Owner, Author)

https://hg.mozilla.org/projects/nss/rev/cd068f7ce6ae11120f8e4427aa2e8ac35a69e764

We should be able to just copy those files from ESR60.

@classilla (Owner, Author)

classilla commented Apr 8, 2018

This may be the best means to solve https://tenfourfox.tenderapp.com/discussions/problems/8583-tff-doesnt-open-web-radio-page

It wants TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, so let's start with that, and then mirror it for the ECDSA version.

@classilla (Owner, Author)

It does indeed solve that site (and several others now select that cipher). No regressions detected. Since RSA is faster, we will defer adding ECDSA until we require it.
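The greps in this thread show that enabling one suite touches several NSS tables at once: the suite ID in sslproto.h, the suite-definition row in ssl3con.c (bulk cipher, MAC type, key exchange, PRF hash), the bulk-cipher row, and the OID tag in secoidt.h/secoid.c that the cipher name table maps to. The following is an added example, not TenFourFox or NSS code, that models that dependency chain with simplified stand-in enums and structs and checks whether a given suite can be resolved end to end. The suite IDs, OID tag values, key length and OID leaves are the ones quoted in the thread; the three table sets (pre-port, a hypothetical half-ported state where the OID row has not been copied yet, and the ESR52-style complete set) are constructed for the example.

```c
/* Added example, not TenFourFox or NSS code: a simplified model of the
 * lookups NSS performs for one cipher suite, used to check that every
 * table a newly enabled suite depends on actually has an entry. */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Suite IDs from sslproto.h as quoted in the thread. */
#define TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 0xC028
#define TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 0xC030

/* SEC_OID_* tag values from secoidt.h as quoted in the thread. */
#define SEC_OID_AES_256_CBC 188
#define SEC_OID_AES_256_GCM 320

/* Stand-ins for NSS's enums; the names follow the thread, the reduction
 * to one or two values each is this example's own simplification. */
typedef enum { cipher_aes_256_cbc, cipher_aes_256_gcm } CipherAlg;
typedef enum { ssl_hash_sha384 } HashAlg;
typedef enum { kea_ecdhe_rsa } KeaAlg;

/* One row per table, modelled on the ssl3con.c and secoid.c rows above. */
typedef struct { unsigned short suite; CipherAlg cipher; KeaAlg kea; HashAlg hash; } SuiteDef;
typedef struct { CipherAlg cipher; int key_bytes; int oid_tag; } BulkDef;
typedef struct { int oid_tag; const char *name; unsigned leaf; } OidDef;

/* The set of tables one build of the library carries. */
typedef struct {
    const SuiteDef *suites; size_t nsuites;
    const BulkDef  *bulk;   size_t nbulk;
    const OidDef   *oids;   size_t noids;
} Tables;

enum { CHECK_OK = 0, CHECK_NO_SUITE = 1, CHECK_NO_CIPHER = 2, CHECK_NO_OID = 3 };

/* Follow the chain suite -> bulk cipher -> OID and report the first table
 * with no entry, which is the one a port still has to fill in. */
int check_suite(unsigned short suite, const Tables *t)
{
    const SuiteDef *s = NULL;
    const BulkDef *b = NULL;
    size_t i;
    for (i = 0; i < t->nsuites; i++)
        if (t->suites[i].suite == suite) s = &t->suites[i];
    if (!s) return CHECK_NO_SUITE;
    for (i = 0; i < t->nbulk; i++)
        if (t->bulk[i].cipher == s->cipher) b = &t->bulk[i];
    if (!b) return CHECK_NO_CIPHER;
    for (i = 0; i < t->noids; i++)
        if (t->oids[i].oid_tag == b->oid_tag) return CHECK_OK;
    return CHECK_NO_OID;
}

/* Render an OID row in dotted form. secoid.c stores only the trailing leaf
 * ({ AES, 0x2e } above); NIST's AES arc is 2.16.840.1.101.3.4.1. */
int oid_dotted(const OidDef *o, char *buf, size_t len)
{
    return snprintf(buf, len, "2.16.840.1.101.3.4.1.%u", o->leaf);
}

/* Table contents constructed from the thread's grep output. */
static const SuiteDef suites_old[] = {
    { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256_cbc, kea_ecdhe_rsa, ssl_hash_sha384 },
};
static const SuiteDef suites_new[] = {
    { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, cipher_aes_256_cbc, kea_ecdhe_rsa, ssl_hash_sha384 },
    { TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, cipher_aes_256_gcm, kea_ecdhe_rsa, ssl_hash_sha384 },
};
static const BulkDef bulk_old[] = { { cipher_aes_256_cbc, 32, SEC_OID_AES_256_CBC } };
static const BulkDef bulk_new[] = { { cipher_aes_256_cbc, 32, SEC_OID_AES_256_CBC },
                                    { cipher_aes_256_gcm, 32, SEC_OID_AES_256_GCM } };
static const OidDef oids_old[] = { { SEC_OID_AES_256_CBC, "AES-256", 42 } };
static const OidDef oids_new[] = { { SEC_OID_AES_256_CBC, "AES-256", 42 },
                                   { SEC_OID_AES_256_GCM, "AES-256-GCM", 0x2e } };

#define N(a) (sizeof(a) / sizeof((a)[0]))
/* Before the port: no GCM suite anywhere. */
const Tables tables_old  = { suites_old, N(suites_old), bulk_old, N(bulk_old), oids_old, N(oids_old) };
/* Hypothetical half-ported state: suite and bulk rows copied, OID table not. */
const Tables tables_half = { suites_new, N(suites_new), bulk_new, N(bulk_new), oids_old, N(oids_old) };
/* Everything ported, matching the ESR52 layout. */
const Tables tables_new  = { suites_new, N(suites_new), bulk_new, N(bulk_new), oids_new, N(oids_new) };

int main(void)
{
    const Tables *sets[] = { &tables_old, &tables_half, &tables_new };
    const char *label[] = { "old", "half-ported", "new" };
    char dotted[64];
    size_t i;
    for (i = 0; i < 3; i++)
        printf("%-12s TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 -> %d\n",
               label[i], check_suite(TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, sets[i]));
    oid_dotted(&oids_new[1], dotted, sizeof dotted);
    printf("AES-256-GCM OID %s\n", dotted);
    return 0;
}
```

The half-ported set is the case worth watching for: the suite define and the ssl3con.c row alone make the suite appear in the cipher list, but the check stops at the OID table, which is exactly the gap the first tenfourfox grep shows (SEC_OID_AES_256_CBC present, no SEC_OID_AES_256_GCM).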
