~ubuntu-branches/ubuntu/natty/nss/natty-updates

Viewing changes to debian/patches/97_SSL_RENEGOTIATE_TRANSITIONAL.patch

  • Committer: Bazaar Package Importer
  • Author(s): Chris Coulson
  • Date: 2010-03-31 20:42:18 UTC
  • Revision ID: james.westby@ubuntu.com-20100331204218-77kzj5ly8s0u4o7f
Tags: 3.12.6-0ubuntu2
* Enable transitional scheme for SSL renegotiation (LP: #553251)
  - add 97_SSL_RENEGOTIATE_TRANSITIONAL.patch
  - update debian/patches/series

Enable transitional scheme for ssl renegotiation:
 
(from mozilla/security/nss/lib/ssl/ssl.h)
Disallow unsafe renegotiation in server sockets only, but allow clients
to continue to renegotiate with vulnerable servers.
This value should only be used during the transition period when few
servers have been upgraded.
 
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
index f1d1921..c074360 100644
--- a/mozilla/security/nss/lib/ssl/sslsock.c
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
     PR_FALSE,   /* enableDeflate      */
-    2,          /* enableRenegotiation (default: requires extension) */
+    3,          /* enableRenegotiation (default: transitional) */
     PR_FALSE,   /* requireSafeNegotiation */
 };
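Review bot: The new default on the `+    3,` line is described by the patch header as a value that "should only be used during the transition period", but nothing in the patch records when it should go back to `2`. Consider adding the revert condition to the patch header, next to the LP: #553251 reference, so the relaxed default is not carried forward indefinitely. Per the header, clients built with this default continue to renegotiate with servers that lack the extension, and `requireSafeNegotiation` stays `PR_FALSE` in the same initializer, so the client side remains exposed until the patch is dropped. As a smaller point, the bare `3` is tied to its meaning only by the trailing comment; naming the ssl.h setting from the patch title (SSL_RENEGOTIATE_TRANSITIONAL) in that comment would make the value easier to audit.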