1
Enable transitional scheme for ssl renegotiation:
3
(from mozilla/security/nss/lib/ssl/ssl.h)
4
Disallow unsafe renegotiation in server sockets only, but allow clients
5
to continue to renegotiate with vulnerable servers.
6
This value should only be used during the transition period when few
7
servers have been upgraded.
9
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
10
index f1d1921..c074360 100644
11
--- a/mozilla/security/nss/lib/ssl/sslsock.c
12
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
13
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
14
PR_FALSE, /* noLocks */
15
PR_FALSE, /* enableSessionTickets */
16
PR_FALSE, /* enableDeflate */
17
- 2, /* enableRenegotiation (default: requires extension) */
18
+ 3, /* enableRenegotiation (default: transitional) */
19
PR_FALSE, /* requireSafeNegotiation */