Bug 583908 - Enable TLS false start in Mozilla. r/a=sayrer. (CLOSED TREE)
parent
258b0690f7
commit
8da7b6bc29
@ -8,7 +8,7 @@ pref("security.ssl.renego_unrestricted_hosts", "");
|
||||
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
|
||||
pref("security.ssl.require_safe_negotiation", false);
|
||||
pref("security.ssl.warn_missing_rfc5746", 1);
|
||||
pref("security.ssl.enable_false_start", false);
|
||||
pref("security.ssl.enable_false_start", true);
|
||||
|
||||
pref("security.ssl2.rc4_128", false);
|
||||
pref("security.ssl2.rc2_128", false);
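Review bot: The flipped default for `security.ssl.enable_false_start` has no comment saying what it trades away, and it is now on for every profile. With False Start the client sends application data before the server's Finished message has been verified, so that first flight presumably relies on whatever conditions the library checks before allowing it. I would add a comment above the line, for example `// Sends application data before the server's Finished is verified; set to false to wait for the full handshake`, so that someone hardening a deployment can find the switch and understand it.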
|
||||
|
@ -92,6 +92,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
|
||||
sslSocket *ss;
|
||||
const char *cipherName;
|
||||
PRBool isDes = PR_FALSE;
|
||||
PRBool enoughFirstHsDone = PR_FALSE;
|
||||
|
||||
ss = ssl_FindSocket(fd);
|
||||
if (!ss) {
|
||||
@ -109,8 +110,14 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
|
||||
*op = SSL_SECURITY_STATUS_OFF;
|
||||
}
|
||||
|
||||
if (ss->opt.useSecurity && ss->firstHsDone) {
|
||||
if (ss->firstHsDone) {
|
||||
enoughFirstHsDone = PR_TRUE;
|
||||
} else if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
|
||||
ssl3_CanFalseStart(ss)) {
|
||||
enoughFirstHsDone = PR_TRUE;
|
||||
}
|
||||
|
||||
if (ss->opt.useSecurity && enoughFirstHsDone) {
|
||||
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
|
||||
cipherName = ssl_cipherName[ss->sec.cipherType];
|
||||
} else {
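Review bot: The new `else if` guards `ssl3_CanFalseStart(ss)` with `ss->version >= SSL_LIBRARY_VERSION_3_0`, while the same check added to SSL_HandshakeNegotiatedExtension in this commit guards it with `sslsocket->ssl3.initialized`. ssl3_CanFalseStart is not shown here, but if it reads `ss->ssl3` state, the version test alone may not guarantee that state has been set up; using one guard at both sites, `} else if (ss->ssl3.initialized && ssl3_CanFalseStart(ss)) {`, would remove the doubt. The helper is also called before `ss->opt.useSecurity` is tested, so it runs for sockets that have security turned off. Callers can now see a status other than off before the handshake has finished, which deserves a sentence in the function's header comment. SSL_SecurityStatus starts and ends outside these hunks.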
|
||||
|
@ -111,14 +111,26 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
|
||||
/* some decisions derived from SSL_GetChannelInfo */
|
||||
sslSocket * sslsocket = NULL;
|
||||
SECStatus rv = SECFailure;
|
||||
PRBool enoughFirstHsDone = PR_FALSE;
|
||||
|
||||
if (!pYes)
|
||||
return rv;
|
||||
|
||||
sslsocket = ssl_FindSocket(socket);
|
||||
if (!sslsocket) {
|
||||
SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
|
||||
SSL_GETPID(), socket));
|
||||
return rv;
|
||||
}
|
||||
|
||||
if (sslsocket->firstHsDone) {
|
||||
enoughFirstHsDone = PR_TRUE;
|
||||
} else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
|
||||
enoughFirstHsDone = PR_TRUE;
|
||||
}
|
||||
|
||||
/* according to public API SSL_GetChannelInfo, this doesn't need a lock */
|
||||
if (sslsocket && sslsocket->opt.useSecurity && sslsocket->firstHsDone) {
|
||||
if (sslsocket->opt.useSecurity && enoughFirstHsDone) {
|
||||
if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
|
||||
/* now we know this socket went through ssl3_InitState() and
|
||||
* ss->xtnData got initialized, which is the only member accessed by
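Review bot: The retained comment `/* according to public API SSL_GetChannelInfo, this doesn't need a lock */` was written when only `firstHsDone` was read, and the added `ssl3_CanFalseStart(sslsocket)` call now sits under the same claim while the handshake can still be in progress. That helper's body is not visible here; if it reads handshake state that another thread is updating, the no-lock statement no longer holds. Either take the handshake lock around the new check or extend the comment to say why the unlocked read is safe. The answer is also reported before the server's Finished has been verified, so the function's documentation should tell callers to treat it as provisional until the handshake completes. The function continues past the end of this hunk.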
|
||||
|