void-packages/srcpkgs/nss/patches/ssl-renegotiate-transitional.patch

Enable transitional scheme for ssl renegotiation:

(from mozilla/security/nss/lib/ssl/ssl.h)
Disallow unsafe renegotiation in server sockets only, but allow clients
to continue to renegotiate with vulnerable servers.
This value should only be used during the transition period when few
servers have been upgraded.

diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
index f1d1921..c074360 100644
--- nss/lib/ssl/sslsock.c
+++ nss/lib/ssl/sslsock.c
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
     PR_FALSE,   /* enableDeflate      */
-    2,          /* enableRenegotiation (default: requires extension) */
+    3,          /* enableRenegotiation (default: transitional) */
     PR_FALSE,   /* requireSafeNegotiation */
 };
nss: added some patches from Debian. 2011-10-08 11:00:22 +00:00			`Enable transitional scheme for ssl renegotiation:`

			`(from mozilla/security/nss/lib/ssl/ssl.h)`
			`Disallow unsafe renegotiation in server sockets only, but allow clients`
			`to continue to renegotiate with vulnerable servers.`
			`This value should only be used during the transition period when few`
			`servers have been upgraded.`

			`diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c`
			`index f1d1921..c074360 100644`
nss: update to 3.15.1. 2013-08-07 09:06:23 +00:00			`--- nss/lib/ssl/sslsock.c`
			`+++ nss/lib/ssl/sslsock.c`
nss: added some patches from Debian. 2011-10-08 11:00:22 +00:00			`@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {`
			`PR_FALSE, /* noLocks */`
			`PR_FALSE, /* enableSessionTickets */`
			`PR_FALSE, /* enableDeflate */`
			`- 2, /* enableRenegotiation (default: requires extension) */`
			`+ 3, /* enableRenegotiation (default: transitional) */`
			`PR_FALSE, /* requireSafeNegotiation */`
			`};`