author | Martin Thomson <martin.thomson@gmail.com> | 2017-11-20 21:27:05 +1100 |
---|---|---|
committer | Martin Thomson <martin.thomson@gmail.com> | 2017-11-20 21:27:05 +1100 |
commit | 1ed84672937a2e2d8c1d28568a22337ec6561809 (patch) | |
tree | c0713f7bdb8111321edc46ead61e59fee4af5d0d | |
parent | 4eb088a0f83894e10e889bd1aaaa065f609bfe1e (diff) | |
download | nss-hg-1ed84672937a2e2d8c1d28568a22337ec6561809.tar.gz |
Bug 1418948 - Configure anti-replay for selfserv, r=ekr
-rw-r--r-- | cmd/selfserv/selfserv.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c
index e3dccf144..f3ea45969 100644
--- a/cmd/selfserv/selfserv.c
+++ b/cmd/selfserv/selfserv.c
@@ -38,6 +38,7 @@
 #include "nss.h"
 #include "ssl.h"
 #include "sslproto.h"
+#include "sslexp.h"
 #include "cert.h"
 #include "certt.h"
 #include "ocsp.h"
@@ -1953,6 +1954,10 @@ server_main(
 if (enabledVersions.max < SSL_LIBRARY_VERSION_TLS_1_3) {
 errExit("You tried enabling 0RTT without enabling TLS 1.3!");
 }
+ rv = SSL_SetupAntiReplay(10 * PR_USEC_PER_SEC, 7, 14);
+ if (rv != SECSuccess) {
+ errExit("error configuring anti-replay ");
+ }
 rv = SSL_OptionSet(model_sock, SSL_ENABLE_0RTT_DATA, PR_TRUE);
 if (rv != SECSuccess) {
 errExit("error enabling 0RTT "); |
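Review bot: The three arguments to `SSL_SetupAntiReplay(10 * PR_USEC_PER_SEC, 7, 14)` in the second hunk are unexplained literals, yet they decide how long a 0-RTT ClientHello is remembered and how large the replay filter is. As far as the sslexp.h declaration describes them, they are the tracking window, the number of Bloom-filter hashes and the log2 size of the filter, so I would add a comment such as `/* 10 s anti-replay window; Bloom filter with 7 hashes and 2^14 bits */` or name the constants. The filter appears to be per-process state, so a setup that shares session-ticket keys across several selfserv processes would presumably still accept one replay per process; if that is the case it deserves a sentence in the usage text. The placement ahead of `SSL_OptionSet(model_sock, SSL_ENABLE_0RTT_DATA, PR_TRUE)` looks right; server_main starts and ends outside the hunk.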