Tue Jun 19 00:01:39 UTC 2012

author: root <root@rshg054.dnsready.net> 2012-06-19 00:01:39 +0000
committer: root <root@rshg054.dnsready.net> 2012-06-19 00:01:39 +0000
commit: ca8fbff4eeda39b8a24515043ec4c8fdb95c23ee (patch)
tree: e31e0e223f205368e42e8f2378af9f8c76da0c0f /testing/nss/ssl-renegotiate-transitional.patch
parent: 014b5d0a1ee98ba0466f067f605b9637f2a14b2f (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/testing/nss/ssl-renegotiate-transitional.patch b/testing/nss/ssl-renegotiate-transitional.patch
new file mode 100644
index 000000000..f457c5551
--- /dev/null
+++ b/testing/nss/ssl-renegotiate-transitional.patch
@@ -0,0 +1,21 @@
+Enable transitional scheme for ssl renegotiation:
+
+(from mozilla/security/nss/lib/ssl/ssl.h)
+Disallow unsafe renegotiation in server sockets only, but allow clients
+to continue to renegotiate with vulnerable servers.
+This value should only be used during the transition period when few
+servers have been upgraded.
+
+diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
+index f1d1921..c074360 100644
+--- a/mozilla/security/nss/lib/ssl/sslsock.c
++++ b/mozilla/security/nss/lib/ssl/sslsock.c
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+     PR_FALSE,   /* noLocks            */
+     PR_FALSE,   /* enableSessionTickets */
+     PR_FALSE,   /* enableDeflate      */
+-    2,          /* enableRenegotiation (default: requires extension) */
++    3,          /* enableRenegotiation (default: transitional) */
+     PR_FALSE,   /* requireSafeNegotiation */
+ };
+
author	root <root@rshg054.dnsready.net>	2012-06-19 00:01:39 +0000
committer	root <root@rshg054.dnsready.net>	2012-06-19 00:01:39 +0000
commit	ca8fbff4eeda39b8a24515043ec4c8fdb95c23ee (patch)
tree	e31e0e223f205368e42e8f2378af9f8c76da0c0f /testing/nss/ssl-renegotiate-transitional.patch
parent	014b5d0a1ee98ba0466f067f605b9637f2a14b2f (diff)