Bug 838769 (second attempt): Disable the ECC cipher suites if we cannot

send extensions, even if we support all the currently specified curves
(NSS_ECC_MORE_THAN_SUITE_B is set). r=agl,rrelyea.
Modified Files:
	ssl3con.c sslcon.c


git-svn-id: svn://10.0.0.236/trunk@264767 18797224-902f-48f8-a5cc-f745e15eee43

mozilla/security/nss/lib/ssl/ssl3con.c

@@ -5,7 +5,7 @@
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: ssl3con.c,v 1.206 2013-02-16 15:09:14 wtc%google.com Exp $ */
+/* $Id: ssl3con.c,v 1.207 2013-02-19 16:16:22 wtc%google.com Exp $ */
 
 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */
 
@@ -4382,7 +4382,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
 	    total_exten_len += 2;
     }
 
-#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B)
+#if defined(NSS_ENABLE_ECC)
     if (!total_exten_len || !isTLS) {
 	/* not sending the elliptic_curves and ec_point_formats extensions */
     	ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */

mozilla/security/nss/lib/ssl/sslcon.c

@@ -4,7 +4,7 @@
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-/* $Id: sslcon.c,v 1.54 2013-02-16 15:09:14 wtc%google.com Exp $ */
+/* $Id: sslcon.c,v 1.55 2013-02-19 16:16:22 wtc%google.com Exp $ */
 
 #include "nssrenam.h"
 #include "cert.h"
@@ -3102,7 +3102,7 @@ ssl2_BeginClientHandshake(sslSocket *ss)
 
 	return rv;
     }
-#if defined(NSS_ENABLE_ECC) && !defined(NSS_ECC_MORE_THAN_SUITE_B)
+#if defined(NSS_ENABLE_ECC)
     /* ensure we don't neogtiate ECC cipher suites with SSL2 hello */
     ssl3_DisableECCSuites(ss, NULL); /* disable all ECC suites */
     if (ss->cipherSpecs != NULL) {