diff options
author | root <root@rshg054.dnsready.net> | 2012-06-19 00:01:39 +0000 |
---|---|---|
committer | root <root@rshg054.dnsready.net> | 2012-06-19 00:01:39 +0000 |
commit | ca8fbff4eeda39b8a24515043ec4c8fdb95c23ee (patch) | |
tree | e31e0e223f205368e42e8f2378af9f8c76da0c0f /testing/nss/ssl-renegotiate-transitional.patch | |
parent | 014b5d0a1ee98ba0466f067f605b9637f2a14b2f (diff) |
Tue Jun 19 00:01:39 UTC 2012
Diffstat (limited to 'testing/nss/ssl-renegotiate-transitional.patch')
-rw-r--r-- | testing/nss/ssl-renegotiate-transitional.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/testing/nss/ssl-renegotiate-transitional.patch b/testing/nss/ssl-renegotiate-transitional.patch new file mode 100644 index 000000000..f457c5551 --- /dev/null +++ b/testing/nss/ssl-renegotiate-transitional.patch @@ -0,0 +1,21 @@ +Enable transitional scheme for ssl renegotiation: + +(from mozilla/security/nss/lib/ssl/ssl.h) +Disallow unsafe renegotiation in server sockets only, but allow clients +to continue to renegotiate with vulnerable servers. +This value should only be used during the transition period when few +servers have been upgraded. + +diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c +index f1d1921..c074360 100644 +--- a/mozilla/security/nss/lib/ssl/sslsock.c ++++ b/mozilla/security/nss/lib/ssl/sslsock.c +@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { + PR_FALSE, /* noLocks */ + PR_FALSE, /* enableSessionTickets */ + PR_FALSE, /* enableDeflate */ +- 2, /* enableRenegotiation (default: requires extension) */ ++ 3, /* enableRenegotiation (default: transitional) */ + PR_FALSE, /* requireSafeNegotiation */ + }; + |