| 12345678910111213141516171819202122 |
- Enable transitional scheme for ssl renegotiation:
- (from mozilla/security/nss/lib/ssl/ssl.h)
- Disallow unsafe renegotiation in server sockets only, but allow clients
- to continue to renegotiate with vulnerable servers.
- This value should only be used during the transition period when few
- servers have been upgraded.
- diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
- index f1d1921..c074360 100644
- --- a/mozilla/security/nss/lib/ssl/sslsock.c
- +++ b/mozilla/security/nss/lib/ssl/sslsock.c
- @@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
- PR_FALSE, /* noLocks */
- PR_FALSE, /* enableSessionTickets */
- PR_FALSE, /* enableDeflate */
- - 2, /* enableRenegotiation (default: requires extension) */
- + 3, /* enableRenegotiation (default: transitional) */
- PR_FALSE, /* requireSafeNegotiation */
- };
-
|
