21 lines
865 B
Diff
21 lines
865 B
Diff
Enable transitional scheme for ssl renegotiation:
|
|
|
|
(from mozilla/security/nss/lib/ssl/ssl.h)
|
|
Disallow unsafe renegotiation in server sockets only, but allow clients
|
|
to continue to renegotiate with vulnerable servers.
|
|
This value should only be used during the transition period when few
|
|
servers have been upgraded.
|
|
|
|
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
|
|
index f1d1921..c074360 100644
|
|
--- nss/lib/ssl/sslsock.c
|
|
+++ nss/lib/ssl/sslsock.c
|
|
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
|
|
PR_FALSE, /* noLocks */
|
|
PR_FALSE, /* enableSessionTickets */
|
|
PR_FALSE, /* enableDeflate */
|
|
- 2, /* enableRenegotiation (default: requires extension) */
|
|
+ 3, /* enableRenegotiation (default: transitional) */
|
|
PR_FALSE, /* requireSafeNegotiation */
|
|
};
|
|
|