author | wtc%google.com <devnull@localhost> | 2012-11-13 01:30:09 +0000 |
---|---|---|
committer | wtc%google.com <devnull@localhost> | 2012-11-13 01:30:09 +0000 |
commit | a205050f9b52bbd7f9d04b35cec10093fab36dd9 (patch) | |
tree | dfea6f008742cb7de4056c72d960968e5c34a81d | |
parent | d7d41f9e80eb0169610d1d726b2f3ddc5937140e (diff) | |
Bug 810582: Only do SSL False Start with forward secret servers. The patch
is contributed by Adam Langley <agl@chromium.org>. r=wtc,bsmith.
-rw-r--r-- | security/nss/lib/ssl/ssl3con.c | 13 |
1 files changed, 10 insertions, 3 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 766dcffdd..61d5ddeac 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -6077,10 +6077,17 @@ ssl3_CanFalseStart(sslSocket *ss) {
 !ss->sec.isServer &&
 !ss->ssl3.hs.isResuming &&
 ss->ssl3.cwSpec &&
+
+ /* An attacker can control the selected ciphersuite so we only wish to
+ * do False Start in the case that the selected ciphersuite is
+ * sufficiently strong that the attack can gain no advantage.
+ * Therefore we require an 80-bit cipher and a forward-secret key
+ * exchange. */
 ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
- (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa ||
- ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh ||
- ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh);
+ (ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa);
 ssl_ReleaseSpecReadLock(ss);
 return rv;
 } |
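Review bot: The strength test `secret_key_size >= 10` sits directly under a comment that says "80-bit", so the reader has to infer that the field is counted in bytes, and the test looks at key length only, not at which cipher algorithm was negotiated. I would state that next to the comparison, e.g. `/* secret_key_size is in bytes: 10 bytes == 80 bits of key; this does not rate the cipher algorithm itself. */`, or compare against a named constant instead of the literal 10. The new `kea` list is an allowlist, so any key exchange not named here fails closed; the comment should say that static and anonymous exchanges are left out on purpose, so that a key exchange added later is not appended here without checking that it is both ephemeral and authenticated. The comment's "the attack can gain no advantage" presumably means "the attacker". The expression starts above the hunk (the `rv =` assignment and the spec read lock acquisition are not visible), so whether `kea_def` is guaranteed non-NULL at this point, the way `cwSpec` is tested, cannot be confirmed from these lines.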