authorwtc%google.com <devnull@localhost>2012-11-13 01:30:09 +0000
committerwtc%google.com <devnull@localhost>2012-11-13 01:30:09 +0000
commita205050f9b52bbd7f9d04b35cec10093fab36dd9 (patch)
treedfea6f008742cb7de4056c72d960968e5c34a81d
parentd7d41f9e80eb0169610d1d726b2f3ddc5937140e (diff)
downloadnss-hg-a205050f9b52bbd7f9d04b35cec10093fab36dd9.tar.gz
Bug 810582: Only do SSL False Start with forward secret servers. The patch
is contributed by Adam Langley <agl@chromium.org>. r=wtc,bsmith.
-rw-r--r--security/nss/lib/ssl/ssl3con.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/security/nss/lib/ssl/ssl3con.c b/security/nss/lib/ssl/ssl3con.c
index 766dcffdd..61d5ddeac 100644
--- a/security/nss/lib/ssl/ssl3con.c
+++ b/security/nss/lib/ssl/ssl3con.c
@@ -6077,10 +6077,17 @@ ssl3_CanFalseStart(sslSocket *ss) {
!ss->sec.isServer &&
!ss->ssl3.hs.isResuming &&
ss->ssl3.cwSpec &&
+
+ /* An attacker can control the selected ciphersuite so we only wish to
+ * do False Start in the case that the selected ciphersuite is
+ * sufficiently strong that the attack can gain no advantage.
+ * Therefore we require an 80-bit cipher and a forward-secret key
+ * exchange. */
ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
- (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa ||
- ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh ||
- ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh);
+ (ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
+ ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
+ ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa);
ssl_ReleaseSpecReadLock(ss);
return rv;
}
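Review bot: The bare `10` in `secret_key_size >= 10` is the only thing tying the code to the "80-bit" requirement in the new comment, and the unit (bytes) is left implicit; a trailing comment such as `/* secret_key_size is in bytes: 10 bytes == 80 bits */` or a named constant would make the threshold auditable. Key length is only a proxy for cipher strength, so the comment should say that this check bounds key size and does not by itself exclude a weak cipher with a long key. The four-way `kea` comparison is an allowlist, which fails closed when new key exchanges are added, and the comment should state that static, anonymous and export key exchanges are left out on purpose so a later edit does not widen it. `kea_def` and `cipher_def` are dereferenced without a null check in the visible lines, which is presumably safe at this handshake state, but the start of `ssl3_CanFalseStart` lies outside the hunk so that cannot be confirmed here.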