From f7f5728a6a911076b62eef15e40f6495656b6c2b Mon Sep 17 00:00:00 2001 From: "wtc%google.com" Date: Tue, 19 Feb 2013 16:16:22 +0000 Subject: [PATCH] Bug 838769 (second attempt): Disable the ECC cipher suites if we cannot send extensions, even if we support all the currently specified curves (NSS_ECC_MORE_THAN_SUITE_B is set). r=agl,rrelyea. Modified Files: ssl3con.c sslcon.c git-svn-id: svn://10.0.0.236/trunk@264767 18797224-902f-48f8-a5cc-f745e15eee43 --- mozilla/security/nss/lib/ssl/ssl3con.c | 4 ++-- mozilla/security/nss/lib/ssl/sslcon.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/ssl/ssl3con.c index 90ef7609108..88f0f9892b9 100644 --- a/mozilla/security/nss/lib/ssl/ssl3con.c +++ b/mozilla/security/nss/lib/ssl/ssl3con.c @@ -5,7 +5,7 @@ * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: ssl3con.c,v 1.206 2013-02-16 15:09:14 wtc%google.com Exp $ */ +/* $Id: ssl3con.c,v 1.207 2013-02-19 16:16:22 wtc%google.com Exp $ */ /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ @@ -4382,7 +4382,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending) total_exten_len += 2; } -#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B) +#if defined(NSS_ENABLE_ECC) if (!total_exten_len || !isTLS) { /* not sending the elliptic_curves and ec_point_formats extensions */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ diff --git a/mozilla/security/nss/lib/ssl/sslcon.c b/mozilla/security/nss/lib/ssl/sslcon.c index 57bb9ab21e1..89a953dad1b 100644 --- a/mozilla/security/nss/lib/ssl/sslcon.c +++ b/mozilla/security/nss/lib/ssl/sslcon.c 
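Review bot: In ssl3_SendClientHello the guard `if (!total_exten_len || !isTLS)` uses the total extension length as a stand-in for "the elliptic_curves and ec_point_formats extensions are not being sent", and the hunk leaves that assumption undocumented. As far as the visible lines show, total_exten_len counts every hello extension, so the check is only right if the two ECC extensions are always among those sent whenever any extension is sent. Now that the block is compiled in every NSS_ENABLE_ECC build, I would state the invariant above the `#if`, for example `/* ECC suites need the elliptic_curves and ec_point_formats extensions; drop the suites whenever the hello carries no extensions, whichever curves are compiled in. */`. The function body starts and ends outside the hunk, so the code that computes total_exten_len should be checked against that comment.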
@@ -4,7 +4,7 @@ * This Source Code Form is subject to the terms of the Mozilla Public * License, v. 2.0. If a copy of the MPL was not distributed with this * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ -/* $Id: sslcon.c,v 1.54 2013-02-16 15:09:14 wtc%google.com Exp $ */ +/* $Id: sslcon.c,v 1.55 2013-02-19 16:16:22 wtc%google.com Exp $ */ #include "nssrenam.h" #include "cert.h" @@ -3102,7 +3102,7 @@ ssl2_BeginClientHandshake(sslSocket *ss) return rv; } -#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B) +#if defined(NSS_ENABLE_ECC) /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */ ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */ if (ss->cipherSpecs != NULL) {
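Review bot: The call `ssl3_DisableECCSuites(ss, NULL)` in ssl2_BeginClientHandshake now runs in every NSS_ENABLE_ECC build, and nothing documents that it acts on the socket `ss` rather than on this one hello. The hunk does not show the ECC suites being re-enabled, so a connection opened with an SSL2-format hello presumably completes without any ECC key exchange even if the peer answers with TLS; that should be confirmed and written down, because it narrows the key exchanges available to such a connection. I would extend the existing comment, fixing the "neogtiate" typo while there, to `/* ensure we don't negotiate ECC cipher suites with an SSL2 hello, which cannot carry the ECC extensions; this disables them on ss */`. The function continues outside the hunk.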