From 9ac9e5980188c16bcd4208a84a495cf6e54d96a4 Mon Sep 17 00:00:00 2001 From: "alexei.volkov.bugs%sun.com" Date: Fri, 26 Feb 2010 20:44:54 +0000 Subject: [PATCH] 537356 - Implement new safe SSL3 & TLS renegotiation. Change renegotiation default to be SSL_RENEGOTIATE_REQUIRES_XTN. r=wtc. git-svn-id: svn://10.0.0.236/trunk@259821 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/lib/ssl/sslsock.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c index 75791138ac5..7d6bd68825b 100644 --- a/mozilla/security/nss/lib/ssl/sslsock.c +++ b/mozilla/security/nss/lib/ssl/sslsock.c @@ -40,7 +40,7 @@ * the terms of any one of the MPL, the GPL or the LGPL. * * ***** END LICENSE BLOCK ***** */ -/* $Id: sslsock.c,v 1.65 2010-02-17 02:29:08 wtc%google.com Exp $ */ +/* $Id: sslsock.c,v 1.66 2010-02-26 20:44:54 alexei.volkov.bugs%sun.com Exp $ */ #include "seccomon.h" #include "cert.h" #include "keyhi.h" @@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { PR_FALSE, /* noLocks */ PR_FALSE, /* enableSessionTickets */ PR_FALSE, /* enableDeflate */ - 3, /* enableRenegotiation (default: transitional) */ + 2, /* enableRenegotiation (default: requires extension) */ PR_FALSE, /* requireSafeNegotiation */ }; @@ -2301,7 +2301,7 @@ ssl_NewSocket(PRBool makeLocks) ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER; else if (ev[0] == '2' || LOWER(ev[0]) == 'r') ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN; - else + else if (ev[0] == '3' || LOWER(ev[0]) == 't') ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL; SSL_TRACE(("SSL: enableRenegotiation set to %d", ssl_defaults.enableRenegotiation));