Bug 583908 - Enable TLS false start in Mozilla. r/a=sayrer. (CLOSED TREE)

Wan-Teh Chang 2010-08-03 23:36:53 -07:00
parent 258b0690f7
commit 8da7b6bc29
3 changed files with 22 additions and 3 deletions


@ -8,7 +8,7 @@ pref("security.ssl.renego_unrestricted_hosts", "");
pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
pref("security.ssl.require_safe_negotiation", false);
pref("security.ssl.warn_missing_rfc5746", 1);
pref("security.ssl.enable_false_start", false);
pref("security.ssl.enable_false_start", true);
pref("security.ssl2.rc4_128", false);
pref("security.ssl2.rc2_128", false);


@ -92,6 +92,7 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
sslSocket *ss;
const char *cipherName;
PRBool isDes = PR_FALSE;
PRBool enoughFirstHsDone = PR_FALSE;
ss = ssl_FindSocket(fd);
if (!ss) {
@ -109,8 +110,14 @@ SSL_SecurityStatus(PRFileDesc *fd, int *op, char **cp, int *kp0, int *kp1,
*op = SSL_SECURITY_STATUS_OFF;
}
if (ss->opt.useSecurity && ss->firstHsDone) {
if (ss->firstHsDone) {
enoughFirstHsDone = PR_TRUE;
} else if (ss->version >= SSL_LIBRARY_VERSION_3_0 &&
ssl3_CanFalseStart(ss)) {
enoughFirstHsDone = PR_TRUE;
}
if (ss->opt.useSecurity && enoughFirstHsDone) {
if (ss->version < SSL_LIBRARY_VERSION_3_0) {
cipherName = ssl_cipherName[ss->sec.cipherType];
} else {
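Review bot: The new fallback in SSL_SecurityStatus guards the ssl3_CanFalseStart(ss) call with `ss->version >= SSL_LIBRARY_VERSION_3_0`, while the identical fallback added to SSL_HandshakeNegotiatedExtension guards it with `sslsocket->ssl3.initialized`; the two predicates are not obviously equivalent, and the duplicated three-branch block in both functions would be safer as one shared static helper (for example `static PRBool ssl_HandshakeDoneOrFalseStarting(sslSocket *ss)`) so the condition cannot drift between call sites. The visible effect of the change is that the cipher-name and key-size fields read below are now reported while `firstHsDone` is still false whenever a false start is permitted, and nothing in the hunk says so; a comment above the `if (ss->opt.useSecurity && enoughFirstHsDone)` line such as `/* With false start enabled the status is reported before the first handshake has finished; only the parameters negotiated so far are known. */` would tell callers what the returned status now means. SSL_SecurityStatus continues beyond this hunk, so whether every field read later is already populated in the false-start case cannot be confirmed from here.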


@ -111,14 +111,26 @@ SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
/* some decisions derived from SSL_GetChannelInfo */
sslSocket * sslsocket = NULL;
SECStatus rv = SECFailure;
PRBool enoughFirstHsDone = PR_FALSE;
if (!pYes)
return rv;
sslsocket = ssl_FindSocket(socket);
if (!sslsocket) {
SSL_DBG(("%d: SSL[%d]: bad socket in HandshakeNegotiatedExtension",
SSL_GETPID(), socket));
return rv;
}
if (sslsocket->firstHsDone) {
enoughFirstHsDone = PR_TRUE;
} else if (sslsocket->ssl3.initialized && ssl3_CanFalseStart(sslsocket)) {
enoughFirstHsDone = PR_TRUE;
}
/* according to public API SSL_GetChannelInfo, this doesn't need a lock */
if (sslsocket && sslsocket->opt.useSecurity && sslsocket->firstHsDone) {
if (sslsocket->opt.useSecurity && enoughFirstHsDone) {
if (sslsocket->ssl3.initialized) { /* SSL3 and TLS */
/* now we know this socket went through ssl3_InitState() and
* ss->xtnData got initialized, which is the only member accessed by