diff --git a/nss b/nss
index f96bcd8..b031a11 160000
--- a/nss
+++ b/nss
@@ -1 +1 @@
-Subproject commit f96bcd8755b60ad2ec01545f3481a56cf0f78408
+Subproject commit b031a11b148ec01fc4195fcc96922317114ff9e9
diff --git a/rpm/add-relro-linker-option.patch b/rpm/add-relro-linker-option.patch
index 7ab9db1..6be78e8 100644
--- a/rpm/add-relro-linker-option.patch
+++ b/rpm/add-relro-linker-option.patch
@@ -1,7 +1,7 @@
 diff -up nss/coreconf/Linux.mk.relro nss/coreconf/Linux.mk
 --- nss/coreconf/Linux.mk.relro 2013-04-09 14:29:45.943228682 -0700
 +++ nss/coreconf/Linux.mk 2013-04-09 14:31:26.194953927 -0700
-@@ -174,6 +174,12 @@ endif
+@@ -188,6 +188,12 @@ endif
 endif
 endif
 
diff --git a/rpm/iquote.patch b/rpm/iquote.patch
index 6e4adcd..dd956ec 100644
--- a/rpm/iquote.patch
+++ b/rpm/iquote.patch
@@ -1,7 +1,7 @@
 diff -up nss/coreconf/location.mk.iquote nss/coreconf/location.mk
 --- nss/coreconf/location.mk.iquote 2017-07-27 16:09:32.000000000 +0200
 +++ nss/coreconf/location.mk 2017-09-06 13:23:14.633611555 +0200
-@@ -75,4 +75,9 @@ ifndef SQLITE_LIB_NAME
+@@ -72,4 +72,9 @@ ifndef SQLITE_LIB_NAME
 SQLITE_LIB_NAME = sqlite3
 endif
 
diff --git a/rpm/nss-539183.patch b/rpm/nss-539183.patch
deleted file mode 100644
index eda3249..0000000
--- a/rpm/nss-539183.patch
+++ /dev/null
@@ -1,62 +0,0 @@
---- ./nss/cmd/httpserv/httpserv.c.539183 2016-05-21 18:31:39.879585420 -0700
-+++ ./nss/cmd/httpserv/httpserv.c 2016-05-21 18:37:22.374464057 -0700
-@@ -953,23 +953,23 @@
- getBoundListenSocket(unsigned short port)
- {
- PRFileDesc *listen_sock;
- int listenQueueDepth = 5 + (2 * maxThreads);
- PRStatus prStatus;
- PRNetAddr addr;
- PRSocketOptionData opt;
-
-- addr.inet.family = PR_AF_INET;
-- addr.inet.ip = PR_INADDR_ANY;
-- addr.inet.port = PR_htons(port);
-+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
-+ errExit("PR_SetNetAddr");
-+ }
-
-- listen_sock = PR_NewTCPSocket();
-+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
- if (listen_sock == NULL) {
-- errExit("PR_NewTCPSocket");
-+ errExit("PR_OpenTCPSockett");
- }
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- prStatus = PR_SetSocketOption(listen_sock, &opt);
- if (prStatus < 0) {
- PR_Close(listen_sock);
- errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)");
---- ./nss/cmd/selfserv/selfserv.c.539183 2016-05-21 18:31:39.882585367 -0700
-+++ ./nss/cmd/selfserv/selfserv.c 2016-05-21 18:41:43.092801174 -0700
-@@ -1711,23 +1711,23 @@
- getBoundListenSocket(unsigned short port)
- {
- PRFileDesc *listen_sock;
- int listenQueueDepth = 5 + (2 * maxThreads);
- PRStatus prStatus;
- PRNetAddr addr;
- PRSocketOptionData opt;
-
-- addr.inet.family = PR_AF_INET;
-- addr.inet.ip = PR_INADDR_ANY;
-- addr.inet.port = PR_htons(port);
-+ if (PR_SetNetAddr(PR_IpAddrAny, PR_AF_INET6, port, &addr) != PR_SUCCESS) {
-+ errExit("PR_SetNetAddr");
-+ }
-
-- listen_sock = PR_NewTCPSocket();
-+ listen_sock = PR_OpenTCPSocket(PR_AF_INET6);
- if (listen_sock == NULL) {
-- errExit("PR_NewTCPSocket");
-+ errExit("PR_OpenTCPSocket error");
- }
-
- opt.option = PR_SockOpt_Nonblocking;
- opt.value.non_blocking = PR_FALSE;
- prStatus = PR_SetSocketOption(listen_sock, &opt);
- if (prStatus < 0) {
- PR_Close(listen_sock);
-
errExit("PR_SetSocketOption(PR_SockOpt_Nonblocking)"); diff --git a/rpm/nss-skip-bltest-and-fipstest.patch b/rpm/nss-skip-bltest-and-fipstest.patch deleted file mode 100644 index aee646c..0000000 --- a/rpm/nss-skip-bltest-and-fipstest.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up ./nss/cmd/Makefile.skipthem ./nss/cmd/Makefile ---- ./nss/cmd/Makefile.skipthem 2017-01-06 13:17:27.477848351 +0100 -+++ ./nss/cmd/Makefile 2017-01-06 13:19:30.244586100 +0100 -@@ -19,7 +19,11 @@ BLTEST_SRCDIR = - ECPERF_SRCDIR = - FREEBL_ECTEST_SRCDIR = - FIPSTEST_SRCDIR = -+ifeq ($(NSS_BLTEST_NOT_AVAILABLE),1) -+SHLIBSIGN_SRCDIR = shlibsign -+else - SHLIBSIGN_SRCDIR = -+endif - else - BLTEST_SRCDIR = bltest - ECPERF_SRCDIR = ecperf diff --git a/rpm/nss-skip-util-gtest.patch b/rpm/nss-skip-util-gtest.patch deleted file mode 100644 index 94391c8..0000000 --- a/rpm/nss-skip-util-gtest.patch +++ /dev/null @@ -1,10 +0,0 @@ -diff -up nss/gtests/manifest.mn.skip_util_gtest nss/gtests/manifest.mn ---- nss/gtests/manifest.mn.skip_util_gtest 2017-08-08 12:45:57.598801125 +0200 -+++ nss/gtests/manifest.mn 2017-08-08 12:46:59.682419852 +0200 -@@ -31,6 +31,5 @@ endif - - DIRS = \ - $(LIB_SRCDIRS) \ -- $(UTIL_SRCDIRS) \ - $(NSS_SRCDIRS) \ - $(NULL) diff --git a/rpm/nss-sysinit-userdb-first.patch b/rpm/nss-sysinit-userdb-first.patch index 526419a..8b4e222 100644 --- a/rpm/nss-sysinit-userdb-first.patch +++ b/rpm/nss-sysinit-userdb-first.patch @@ -1,6 +1,6 @@ --- ./nss/lib/sysinit/nsssysinit.c.603313 2017-11-14 10:01:25.000000000 +0200 +++ ./nss/lib/sysinit/nsssysinit.c 2017-11-22 16:28:56.324234787 +0200 -@@ -231,6 +231,17 @@ get_list(char *filename, char *stripped_ +@@ -246,6 +246,17 @@ get_list(char *filename, char *stripped_ sysdb = getSystemDB(); userdb = getUserDB(); 
@@ -18,7 +18,7 @@ /* Don't open root's user DB */ if (userdb != NULL && !userIsRoot()) { /* return a list of databases to open. First the user Database */ -@@ -252,17 +263,6 @@ get_list(char *filename, char *stripped_ +@@ -267,17 +278,6 @@ get_list(char *filename, char *stripped_ userdb, stripped_parameters); } diff --git a/rpm/nss.spec b/rpm/nss.spec index efde62a..feb7e47 100644 --- a/rpm/nss.spec +++ b/rpm/nss.spec @@ -1,4 +1,4 @@ -%global nspr_version 4.29 +%global nspr_version 4.35 %global unsupported_tools_directory %{_libdir}/nss/unsupported-tools %global saved_files_dir %{_libdir}/nss/saved %global dracutlibdir %{_prefix}/lib/dracut @@ -9,14 +9,14 @@ # Produce .chk files for the final stripped binaries # -# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links +# NOTE: The LD_LIBRARY_PATH line guarantees shlibsign links # against the freebl that we just built. This is necessary # because the signing algorithm changed on 3.14 to DSA2 with SHA256 # whereas we previously signed with DSA and SHA1. We must Keep this line # until all mock platforms have been updated. # After %%{__os_install_post} we would add # export LD_LIBRARY_PATH=$RPM_BUILD_ROOT/%%{_libdir} - + %define __spec_install_post \ %{?__debug_package:%{__debug_install_post}} \ %{__arch_install_post} \ @@ -30,7 +30,7 @@ Summary: Network Security Services Name: nss -Version: 3.73.1 +Version: 3.101 Release: 1 License: MPLv2.0 URL: http://www.mozilla.org/projects/security/pki/nss/ 
@@ -70,17 +70,13 @@ Source23: cert8.db.xml Source24: cert9.db.xml Source25: key3.db.xml Source26: key4.db.xml -Source27: secmod.db.xml +Source27: secmod.db.xml Source28: nss-p11-kit.config Patch2: add-relro-linker-option.patch Patch3: renegotiate-transitional.patch Patch8: nss-sysinit-userdb-first.patch -# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=617723 -Patch16: nss-539183.patch -# TODO remove when we switch to building nss without softoken -Patch49: nss-skip-bltest-and-fipstest.patch # This patch uses the GCC -iquote option documented at # http://gcc.gnu.org/onlinedocs/gcc/Directory-Options.html#Directory-Options # to give the in-tree headers a higher priority over the system headers, @@ -93,9 +89,6 @@ Patch49: nss-skip-bltest-and-fipstest.patch # Once the buildroot aha been bootstrapped the patch may be removed # but it doesn't hurt to keep it. Patch50: iquote.patch -# Local patch for TLS_ECDHE_{ECDSA|RSA}_WITH_3DES_EDE_CBC_SHA ciphers -Patch58: rhbz1185708-enable-ecc-3des-ciphers-by-default.patch -Patch62: nss-skip-util-gtest.patch %description Network Security Services (NSS) is a set of libraries designed to @@ -155,10 +148,10 @@ low level services. %package util Summary: Network Security Services Utilities Library Requires: nspr >= %{nspr_version} - + %description util Utilities for Network Security Services and the Softoken module - + %package util-devel Summary: Development libraries for Network Security Services Utilities Requires: nss-util%{?_isa} = %{version}-%{release} @@ -173,7 +166,7 @@ Summary: Network Security Services Softoken Module Requires: nspr >= %{nspr_version} Requires: nss-util >= %{version}-%{release} Requires: nss-softokn-freebl%{_isa} >= %{version}-%{release} - + %description softokn Network Security Services Softoken Cryptographic Module. Softoken is an NSS module that exposes most FreeBL functionality as a PKCS#11 module. 
@@ -202,7 +195,7 @@ This package supports special needs of some PKCS #11 module developers and is otherwise considered private to NSS. As such, the programming interfaces may change and the usual NSS binary compatibility commitments do not apply. Developers should rely only on the officially supported NSS public API. - + %package softokn-devel Summary: Development libraries for Network Security Services Requires: nss-softokn%{?_isa} = %{version}-%{release} @@ -211,7 +204,7 @@ Requires: nspr-devel >= %{nspr_version} Requires: nss-util-devel >= %{version}-%{release} Requires: pkgconfig BuildRequires: nspr-devel >= %{nspr_version} - + %description softokn-devel Header and library files for doing development with Network Security Services. @@ -221,12 +214,7 @@ Header and library files for doing development with Network Security Services. %patch2 -p1 -b .relro %patch3 -p1 -b .transitional %patch8 -p2 -b .sysinit_userdb -%patch16 -p2 -b .539183 -%patch49 -p2 -b .skip_bltest %patch50 -p1 -b .iquote -%patch58 -p2 -b .1185708_3des -%patch62 -p1 -b .skip_util_gtest - %build # TODO: new build system with gyp & ninja @@ -305,7 +293,7 @@ export POLICY_PATH="/etc/crypto-policies/back-ends" # Set up our package files mkdir -p ../dist/pkgconfig - + cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ 
@@ -313,14 +301,14 @@ cat %{SOURCE1} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%NSPR_VERSION%%,%{nspr_version},g" \ -e "s,%%NSSUTIL_VERSION%%,%{version},g" > \ ../dist/pkgconfig/nss-util.pc - + NSSUTIL_VMAJOR=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VMAJOR" | awk '{print $3}'` NSSUTIL_VMINOR=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VMINOR" | awk '{print $3}'` NSSUTIL_VPATCH=`cat lib/util/nssutil.h | grep "#define.*NSSUTIL_VPATCH" | awk '{print $3}'` export NSSUTIL_VMAJOR export NSSUTIL_VMINOR -export NSSUTIL_VPATCH +export NSSUTIL_VPATCH cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ @@ -330,9 +318,9 @@ cat %{SOURCE2} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@MOD_MINOR_VERSION@,$NSSUTIL_VMINOR,g" \ -e "s,@MOD_PATCH_VERSION@,$NSSUTIL_VPATCH,g" \ > ../dist/pkgconfig/nss-util-config - + chmod 755 ../dist/pkgconfig/nss-util-config - + cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ @@ -341,14 +329,14 @@ cat %{SOURCE3} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%NSSUTIL_VERSION%%,%{version},g" \ -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ ../dist/pkgconfig/nss-softokn.pc - + SOFTOKEN_VMAJOR=`cat lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMAJOR" | awk '{print $3}'` SOFTOKEN_VMINOR=`cat lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VMINOR" | awk '{print $3}'` SOFTOKEN_VPATCH=`cat lib/softoken/softkver.h | grep "#define.*SOFTOKEN_VPATCH" | awk '{print $3}'` export SOFTOKEN_VMAJOR export SOFTOKEN_VMINOR -export SOFTOKEN_VPATCH +export SOFTOKEN_VPATCH cat %{SOURCE4} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ @@ -360,7 +348,7 @@ cat %{SOURCE4} | sed -e "s,@libdir@,%{_libdir},g" \ > ../dist/pkgconfig/nss-softokn-config chmod 755 ../dist/pkgconfig/nss-softokn-config - + cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%prefix%%,%{_prefix},g" \ -e "s,%%exec_prefix%%,%{_prefix},g" \ 
@@ -370,15 +358,15 @@ cat %{SOURCE8} | sed -e "s,%%libdir%%,%{_libdir},g" \ -e "s,%%NSSUTIL_VERSION%%,%{version},g" \ -e "s,%%SOFTOKEN_VERSION%%,%{version},g" > \ ../dist/pkgconfig/nss.pc - + NSS_VMAJOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMAJOR" | awk '{print $3}'` NSS_VMINOR=`cat lib/nss/nss.h | grep "#define.*NSS_VMINOR" | awk '{print $3}'` NSS_VPATCH=`cat lib/nss/nss.h | grep "#define.*NSS_VPATCH" | awk '{print $3}'` export NSS_VMAJOR export NSS_VMINOR -export NSS_VPATCH - +export NSS_VPATCH + cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@prefix@,%{_prefix},g" \ -e "s,@exec_prefix@,%{_prefix},g" \ @@ -387,7 +375,7 @@ cat %{SOURCE9} | sed -e "s,@libdir@,%{_libdir},g" \ -e "s,@MOD_MINOR_VERSION@,$NSS_VMINOR,g" \ -e "s,@MOD_PATCH_VERSION@,$NSS_VPATCH,g" \ > ../dist/pkgconfig/nss-config - + chmod 755 ../dist/pkgconfig/nss-config cat %{SOURCE16} > ../dist/pkgconfig/setup-nsssysinit.sh @@ -448,9 +436,9 @@ if [ $SPACEISBAD -ne 0 ]; then echo "error: filenames containing space are not supported (xargs)" exit 1 fi -MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND ||: -RANDSERV=selfserv_${MYRAND}; echo $RANDSERV ||: -DISTBINDIR=`ls -d ../dist/*.OBJ/bin`; echo $DISTBINDIR ||: +export MYRAND=`perl -e 'print 9000 + int rand 1000'`; echo $MYRAND +export RANDSERV=selfserv_${MYRAND}; echo $RANDSERV +export DISTBINDIR=`ls -d ../dist/*.OBJ/bin`; echo $DISTBINDIR pushd `pwd` cd $DISTBINDIR ln -s selfserv $RANDSERV @@ -537,7 +525,7 @@ echo "test suite completed" %{__mkdir_p} $RPM_BUILD_ROOT/%{unsupported_tools_directory} %{__mkdir_p} $RPM_BUILD_ROOT/%{_libdir}/pkgconfig %{__mkdir_p} $RPM_BUILD_ROOT/%{saved_files_dir} -%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_modules_dir} +%{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_modules_dir} %{__mkdir_p} $RPM_BUILD_ROOT/%{dracut_conf_dir} %{__mkdir_p} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d # because of the pp.1 conflict with perl-PAR-Packer 
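Review bot: The three `export VAR=...` lines in the `@@ -448,9 +436,9 @@` hunk discard the exit status of the command substitution, because the status of `export` is what the shell sees; a failing `perl` or an `ls -d ../dist/*.OBJ/bin` that matches nothing no longer stops the section, even if it runs under `sh -e` as rpmbuild sections normally do. With an empty `DISTBINDIR`, the unquoted `cd $DISTBINDIR` on the context line below becomes a bare `cd`, and `ln -s selfserv $RANDSERV` then runs in the wrong directory. Assign first and export afterwards, the way this spec already handles `NSSUTIL_VMAJOR`: `DISTBINDIR=$(ls -d ../dist/*.OBJ/bin)` then `export DISTBINDIR`, and `cd "$DISTBINDIR"`. The surrounding test section starts and ends outside the hunk, so the reason the variables now need exporting is not visible here.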
@@ -624,7 +612,7 @@ done ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit # Copy the crypto-policies configuration file - + %{__install} -p -m 644 %{SOURCE28} $RPM_BUILD_ROOT/%{_sysconfdir}/crypto-policies/local.d %triggerpostun -n nss-sysinit -- nss-sysinit < 3.12.8-3 @@ -636,8 +624,8 @@ ln -s -f setup-nsssysinit.sh $RPM_BUILD_ROOT/%{_bindir}/setup-nsssysinit %post update-crypto-policies &> /dev/null || : - -%postun + +%postun update-crypto-policies &> /dev/null || : %files @@ -743,8 +731,10 @@ update-crypto-policies &> /dev/null || : %{_includedir}/nss3/ciferfam.h %{_includedir}/nss3/eccutil.h %{_includedir}/nss3/hasht.h +%{_includedir}/nss3/kyber.h %{_includedir}/nss3/nssb64.h %{_includedir}/nss3/nssb64t.h +%{_includedir}/nss3/nsshash.h %{_includedir}/nss3/nsslocks.h %{_includedir}/nss3/nssilock.h %{_includedir}/nss3/nssilckt.h @@ -809,8 +799,10 @@ update-crypto-policies &> /dev/null || : %{_includedir}/nss3/ciferfam.h %{_includedir}/nss3/eccutil.h %{_includedir}/nss3/hasht.h +%{_includedir}/nss3/kyber.h %{_includedir}/nss3/nssb64.h %{_includedir}/nss3/nssb64t.h +%{_includedir}/nss3/nsshash.h %{_includedir}/nss3/nsslocks.h %{_includedir}/nss3/nssilock.h %{_includedir}/nss3/nssilckt.h @@ -845,7 +837,7 @@ update-crypto-policies &> /dev/null || : %{_includedir}/nss3/templates/templates.c %files softokn -%{_libdir}/libnssdbm3.so +%{_libdir}/libnssdbm3.so %{_libdir}/libnssdbm3.chk %{_libdir}/libsoftokn3.so %{_libdir}/libsoftokn3.chk @@ -879,7 +871,7 @@ update-crypto-policies &> /dev/null || : %{_includedir}/nss3/cmac.h %{_includedir}/nss3/lowkeyi.h %{_includedir}/nss3/lowkeyti.h - + %files softokn-devel %{_libdir}/pkgconfig/nss-softokn.pc %{_bindir}/nss-softokn-config diff --git a/rpm/renegotiate-transitional.patch b/rpm/renegotiate-transitional.patch index d3aa3bd..2ebbe49 100644 --- a/rpm/renegotiate-transitional.patch +++ b/rpm/renegotiate-transitional.patch 
@@ -1,7 +1,7 @@
 diff -up nss/lib/ssl/sslsock.c.transitional nss/lib/ssl/sslsock.c
 --- nss/lib/ssl/sslsock.c.transitional 2018-03-09 13:57:50.615706802 +0100
 +++ nss/lib/ssl/sslsock.c 2018-03-09 13:58:23.708974970 +0100
-@@ -67,7 +67,7 @@ static sslOptions ssl_defaults = {
+@@ -72,7 +72,7 @@ static sslOptions ssl_defaults = {
 .noLocks = PR_FALSE,
 .enableSessionTickets = PR_FALSE,
 .enableDeflate = PR_FALSE,
diff --git a/rpm/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch b/rpm/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
deleted file mode 100644
index 455c747..0000000
--- a/rpm/rhbz1185708-enable-ecc-3des-ciphers-by-default.patch
+++ /dev/null
@@ -1,23 +0,0 @@
---- ./nss/lib/ssl/ssl3con.c.1185708_3des 2016-06-23 21:10:09.765992512 -0400
-+++ ./nss/lib/ssl/ssl3con.c 2016-06-23 22:58:39.121398601 -0400
-@@ -118,18 +118,18 @@
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-- { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-+ { TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
-+ { TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ALLOWED, PR_FALSE, PR_FALSE},
-
- { TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_TRUE, PR_FALSE},
- { TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256,SSL_ALLOWED,PR_TRUE, PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},
- { TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, SSL_ALLOWED, PR_FALSE, PR_FALSE},