From 71593bf178ba815ccc08415d2b9c448223a218f3 Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Mon, 25 Jul 2016 11:00:55 +0200
Subject: [PATCH] TLS-Client-NSS: enable AES-GCM

---
 en-US/snippets/Features-TLS-NSS-Init.xml | 8 ++++++++
 src/TLS-Client-NSS.c                     | 8 ++++++++
 2 files changed, 16 insertions(+)

diff --git a/en-US/snippets/Features-TLS-NSS-Init.xml b/en-US/snippets/Features-TLS-NSS-Init.xml
index 6352282..939ff39 100644
--- a/en-US/snippets/Features-TLS-NSS-Init.xml
+++ b/en-US/snippets/Features-TLS-NSS-Init.xml
@@ -16,6 +16,14 @@ if (ctx == NULL) {
 
 // Ciphers to enable.
 static const PRUint16 good_ciphers[] = {
+  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+  TLS_RSA_WITH_AES_128_GCM_SHA256,
+  TLS_RSA_WITH_AES_256_GCM_SHA384,
+  TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+  TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
   TLS_RSA_WITH_AES_128_CBC_SHA,
   TLS_RSA_WITH_AES_256_CBC_SHA,
   SSL_RSA_WITH_3DES_EDE_CBC_SHA,
diff --git a/src/TLS-Client-NSS.c b/src/TLS-Client-NSS.c
index 3faac5c..49525a0 100644
--- a/src/TLS-Client-NSS.c
+++ b/src/TLS-Client-NSS.c
@@ -107,6 +107,14 @@ main(int argc, char **argv)
 
   // Ciphers to enable.
   static const PRUint16 good_ciphers[] = {
+    TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
+    TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
+    TLS_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_RSA_WITH_AES_256_GCM_SHA384,
+    TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
+    TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
     TLS_RSA_WITH_AES_128_CBC_SHA,
     TLS_RSA_WITH_AES_256_CBC_SHA,
     SSL_RSA_WITH_3DES_EDE_CBC_SHA,