537356 - Implement new safe SSL3 & TLS renegotiation. Change renegotiation default to be SSL_RENEGOTIATE_REQUIRES_XTN. r=wtc.

git-svn-id: svn://10.0.0.236/trunk@259821 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/security/nss/lib/ssl/sslsock.c

@@ -40,7 +40,7 @@
  * the terms of any one of the MPL, the GPL or the LGPL.
  *
  * ***** END LICENSE BLOCK ***** */
-/* $Id: sslsock.c,v 1.65 2010-02-17 02:29:08 wtc%google.com Exp $ */
+/* $Id: sslsock.c,v 1.66 2010-02-26 20:44:54 alexei.volkov.bugs%sun.com Exp $ */
 #include "seccomon.h"
 #include "cert.h"
 #include "keyhi.h"
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
     PR_FALSE,   /* enableDeflate      */
-    3,          /* enableRenegotiation (default: transitional) */
+    2,          /* enableRenegotiation (default: requires extension) */
     PR_FALSE,   /* requireSafeNegotiation */
 };
 
@@ -2301,7 +2301,7 @@ ssl_NewSocket(PRBool makeLocks)
 	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
 	    else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
 		ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
-	    else
+	    else if (ev[0] == '3' || LOWER(ev[0]) == 't')
 	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
 	    SSL_TRACE(("SSL: enableRenegotiation set to %d", 
 	               ssl_defaults.enableRenegotiation));