Bug 1422156 - Update tlsFlags to change 0x40 to be compat mode rather than 7e02 handshake. r=keeler

Reviewers: keeler

Reviewed By: keeler

Subscribers: mcmanus

Bug #: 1422156

Differential Revision: https://phabricator.services.mozilla.com/D306

security/manager/ssl/nsNSSIOLayer.cpp

@@ -75,7 +75,7 @@ namespace {
 //          0 means no override 1->4 are 1.0, 1.1, 1.2, 1.3, 4->7 unused
 // bits 3-5 (mask 0x38) specify the tls fallback limit
 //          0 means no override, values 1->4 match prefs
-// bit    6 (mask 0x40) specifies use of SSL_AltHandshakeType on handshake
+// bit    6 (mask 0x40) specifies use of TLS 1.3 compatibility mode (draft-22)
 
 enum {
   kTLSProviderFlagMaxVersion10   = 0x01,
@@ -94,7 +94,7 @@ static uint32_t getTLSProviderFlagFallbackLimit(uint32_t flags)
   return (flags & 0x38) >> 3;
 }
 
-static bool getTLSProviderFlagAltHandshake(uint32_t flags)
+static bool getTLSProviderFlagCompatMode(uint32_t flags)
 {
   return (flags & 0x40);
 }
@@ -2602,12 +2602,12 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, bool forSTARTTLS,
   }
 
   // enabling alternative handshake
-  if (getTLSProviderFlagAltHandshake(infoObject->GetProviderTlsFlags())) {
+  if (getTLSProviderFlagCompatMode(infoObject->GetProviderTlsFlags())) {
     MOZ_LOG(gPIPNSSLog, LogLevel::Debug,
-            ("[%p] nsSSLIOLayerSetOptions: Use AltHandshake\n", fd));
-    if (SECSuccess != SSL_UseAltServerHelloType(fd, PR_TRUE)) {
+            ("[%p] nsSSLIOLayerSetOptions: Use Compatible Handshake\n", fd));
+    if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_TLS13_COMPAT_MODE, PR_TRUE)) {
           MOZ_LOG(gPIPNSSLog, LogLevel::Error,
-                  ("[%p] nsSSLIOLayerSetOptions: Use AltHandshake failed\n", fd));
+                  ("[%p] nsSSLIOLayerSetOptions: Setting compat mode failed\n", fd));
           // continue on default path
     }
   }