Disable DSS ciphers in the NSS port.

This makes the remaining NSS ports match the BoringSSL ports. BUG=469387 Review URL: https://codereview.chromium.org/1020073005 Cr-Commit-Position: refs/heads/master@{#322062}

Disable DSS ciphers in the NSS port.
This makes the remaining NSS ports match the BoringSSL ports. BUG=469387 Review URL: https://codereview.chromium.org/1020073005 Cr-Commit-Position: refs/heads/master@{#322062}
5644e08d · davidben · Commit bot · e0bb6e53 · 5644e08d
Commit 5644e08d authored Mar 24, 2015 by davidben Committed by Commit bot Mar 24, 2015
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 5 deletions

net/socket/nss_ssl_util.cc net/socket/nss_ssl_util.cc +1 -5

No files found.
--- a/net/socket/nss_ssl_util.cc
+++ b/net/socket/nss_ssl_util.cc
@@ -108,7 +108,7 @@ class NSSSSLInitSingleton {
      disableECDSA = true;
 #endif

-    // Explicitly enable exactly those ciphers with keys of at least 80 bits
+    // Explicitly enable exactly those ciphers with keys of at least 80 bits.
    for (int i = 0; i < num_ciphers; i++) {
      SSLCipherSuiteInfo info;
      if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info,
@@ -130,10 +130,6 @@ class NSSSSLInitSingleton {
          enabled = false;
        }

-        if (ssl_ciphers[i] == TLS_DHE_DSS_WITH_AES_128_CBC_SHA) {
-          // Enabled to allow servers with only a DSA certificate to function.
-          enabled = true;
-        }
        SSL_CipherPrefSetDefault(ssl_ciphers[i], enabled);
      }
    }