summaryrefslogtreecommitdiffstats
path: root/main/nss/ssl-renegotiate-transitional.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/nss/ssl-renegotiate-transitional.patch')
-rw-r--r--main/nss/ssl-renegotiate-transitional.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/main/nss/ssl-renegotiate-transitional.patch b/main/nss/ssl-renegotiate-transitional.patch
new file mode 100644
index 00000000..f457c555
--- /dev/null
+++ b/main/nss/ssl-renegotiate-transitional.patch
@@ -0,0 +1,21 @@
+Enable transitional scheme for ssl renegotiation:
+
+(from mozilla/security/nss/lib/ssl/ssl.h)
+Disallow unsafe renegotiation in server sockets only, but allow clients
+to continue to renegotiate with vulnerable servers.
+This value should only be used during the transition period when few
+servers have been upgraded.
+
+diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
+index f1d1921..c074360 100644
+--- a/mozilla/security/nss/lib/ssl/sslsock.c
++++ b/mozilla/security/nss/lib/ssl/sslsock.c
+@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+- 2, /* enableRenegotiation (default: requires extension) */
++ 3, /* enableRenegotiation (default: transitional) */
+ PR_FALSE, /* requireSafeNegotiation */
+ };
+
generated by cgit v1.2.3 (git 2.25.1) at 2024-04-19 16:07:17 +0000