diff options
author | Koen Kooi <koen@openembedded.org> | 2010-04-16 14:44:11 +0200 |
---|---|---|
committer | Koen Kooi <koen@openembedded.org> | 2010-04-16 14:44:11 +0200 |
commit | c35a432051fe5e4f42c8b35845af5eddf00ddeb3 (patch) | |
tree | 300f4fa9c29433668d92759873117f9954412286 /recipes/mozilla/nss-3.12.6/97_SSL_RENEGOTIATE_TRANSITIONAL.patch | |
parent | 17e346ad3489908895177caf63c620eeff6d9a97 (diff) | |
download | openembedded-c35a432051fe5e4f42c8b35845af5eddf00ddeb3.tar.gz |
nss: update to 3.12.6
Diffstat (limited to 'recipes/mozilla/nss-3.12.6/97_SSL_RENEGOTIATE_TRANSITIONAL.patch')
-rw-r--r-- | recipes/mozilla/nss-3.12.6/97_SSL_RENEGOTIATE_TRANSITIONAL.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/recipes/mozilla/nss-3.12.6/97_SSL_RENEGOTIATE_TRANSITIONAL.patch b/recipes/mozilla/nss-3.12.6/97_SSL_RENEGOTIATE_TRANSITIONAL.patch new file mode 100644 index 0000000000..f457c55518 --- /dev/null +++ b/recipes/mozilla/nss-3.12.6/97_SSL_RENEGOTIATE_TRANSITIONAL.patch @@ -0,0 +1,21 @@ +Enable transitional scheme for ssl renegotiation: + +(from mozilla/security/nss/lib/ssl/ssl.h) +Disallow unsafe renegotiation in server sockets only, but allow clients +to continue to renegotiate with vulnerable servers. +This value should only be used during the transition period when few +servers have been upgraded. + +diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c +index f1d1921..c074360 100644 +--- a/mozilla/security/nss/lib/ssl/sslsock.c ++++ b/mozilla/security/nss/lib/ssl/sslsock.c +@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { + PR_FALSE, /* noLocks */ + PR_FALSE, /* enableSessionTickets */ + PR_FALSE, /* enableDeflate */ +- 2, /* enableRenegotiation (default: requires extension) */ ++ 3, /* enableRenegotiation (default: transitional) */ + PR_FALSE, /* requireSafeNegotiation */ + }; + |