bug 1320510 - clamp the default enabled TLS version range to what NSS supports r=keeler

In particular, this fixes the case where Firefox is compiled with TLS 1.3
enabled by default with the option --with-system-nss against NSS 3.28, which has
TLS 1.3 compile-time disabled by default.
EKR 2016-11-28 13:15:34 -08:00
parent df53257c80
commit 1987bbf1a9

@ -1411,6 +1411,11 @@ nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut,
return;
}
// Clip the defaults by what NSS actually supports to enable
// working with a system NSS with different ranges.
rangeOut.min = std::max(rangeOut.min, supported.min);
rangeOut.max = std::min(rangeOut.max, supported.max);
// convert min/maxFromPrefs to the internal representation
minFromPrefs += SSL_LIBRARY_VERSION_3_0;
maxFromPrefs += SSL_LIBRARY_VERSION_3_0;
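
Review bot: The clamp on rangeOut.min and rangeOut.max does not check that the result is still a valid range. If the compiled-in defaults and `supported` do not overlap (for example, a default minimum above `supported.max`), `std::max`/`std::min` leave `rangeOut.min > rangeOut.max`, and nothing in the visible lines catches that before the pref handling continues. Consider adding a check right after the two assignments that falls back to `supported` (or returns early, as the branch above does) when `rangeOut.min > rangeOut.max`, and say in the comment which of the two is intended. It would also help to state in the comment that only the defaults are clipped here, since the lines that follow convert `minFromPrefs`/`maxFromPrefs` separately and the reader cannot tell from this hunk whether those values are bounded by `supported` as well.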