wok annotate nss/stuff/ssl-renegotiate-transitional.patch @ rev 12584
kismet: update bdeps
| author | Pascal Bellard <pascal.bellard@slitaz.org> |
|---|---|
| date | Sat Apr 28 21:28:13 2012 +0200 (2012-04-28) |
| parents | |
| children |
| rev | line source |
|---|---|
| slaxemulator@6444 | 1 Enable transitional scheme for ssl renegotiation: |
| slaxemulator@6444 | 2 |
| slaxemulator@6444 | 3 (from mozilla/security/nss/lib/ssl/ssl.h) |
| slaxemulator@6444 | 4 Disallow unsafe renegotiation in server sockets only, but allow clients |
| slaxemulator@6444 | 5 to continue to renegotiate with vulnerable servers. |
| slaxemulator@6444 | 6 This value should only be used during the transition period when few |
| slaxemulator@6444 | 7 servers have been upgraded. |
| slaxemulator@6444 | 8 |
| slaxemulator@6444 | 9 diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c |
| slaxemulator@6444 | 10 index f1d1921..c074360 100644 |
| slaxemulator@6444 | 11 --- a/mozilla/security/nss/lib/ssl/sslsock.c |
| slaxemulator@6444 | 12 +++ b/mozilla/security/nss/lib/ssl/sslsock.c |
| slaxemulator@6444 | 13 @@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { |
| slaxemulator@6444 | 14 PR_FALSE, /* noLocks */ |
| slaxemulator@6444 | 15 PR_FALSE, /* enableSessionTickets */ |
| slaxemulator@6444 | 16 PR_FALSE, /* enableDeflate */ |
| slaxemulator@6444 | 17 - 2, /* enableRenegotiation (default: requires extension) */ |
| slaxemulator@6444 | 18 + 3, /* enableRenegotiation (default: transitional) */ |
| slaxemulator@6444 | 19 PR_FALSE, /* requireSafeNegotiation */ |
| slaxemulator@6444 | 20 }; |
| slaxemulator@6444 | 21 |