authorMartin Thomson <martin.thomson@gmail.com>2018-01-17 18:24:36 +1100
committerMartin Thomson <martin.thomson@gmail.com>2018-01-17 18:24:36 +1100
commit22f6b394a49ad6c5b8f6e69dcd96297a7086859f (patch)
tree11af89e2cd2cd73f55ad89f6117be576a66bd33d /lib/ssl/sslsock.c
parentd81f3ee28e1e9f0caf6b6543cc1626aa66a5b19a (diff)
Backed out changeset fa1f3948cb00
Diffstat (limited to 'lib/ssl/sslsock.c')
-rw-r--r--lib/ssl/sslsock.c70
1 files changed, 28 insertions, 42 deletions
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 02ca3ad1b..4893cb9f9 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -53,35 +53,34 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */
** default settings for socket enables
*/
static sslOptions ssl_defaults = {
- .nextProtoNego = { siBuffer, NULL, 0 },
- .maxEarlyDataSize = 1 << 16,
- .useSecurity = PR_TRUE,
- .useSocks = PR_FALSE,
- .requestCertificate = PR_FALSE,
- .requireCertificate = SSL_REQUIRE_FIRST_HANDSHAKE,
- .handshakeAsClient = PR_FALSE,
- .handshakeAsServer = PR_FALSE,
- .noCache = PR_FALSE,
- .fdx = PR_FALSE,
- .detectRollBack = PR_TRUE,
- .noLocks = PR_FALSE,
- .enableSessionTickets = PR_FALSE,
- .enableDeflate = PR_FALSE,
- .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN,
- .requireSafeNegotiation = PR_FALSE,
- .enableFalseStart = PR_FALSE,
- .cbcRandomIV = PR_TRUE,
- .enableOCSPStapling = PR_FALSE,
- .enableNPN = PR_FALSE,
- .enableALPN = PR_TRUE,
- .reuseServerECDHEKey = PR_TRUE,
- .enableFallbackSCSV = PR_FALSE,
- .enableServerDhe = PR_TRUE,
- .enableExtendedMS = PR_FALSE,
- .enableSignedCertTimestamps = PR_FALSE,
- .requireDHENamedGroups = PR_FALSE,
- .enable0RttData = PR_FALSE,
- .enableTls13CompatMode = PR_FALSE
+ { siBuffer, NULL, 0 }, /* nextProtoNego */
+ PR_TRUE, /* useSecurity */
+ PR_FALSE, /* useSocks */
+ PR_FALSE, /* requestCertificate */
+ 2, /* requireCertificate */
+ PR_FALSE, /* handshakeAsClient */
+ PR_FALSE, /* handshakeAsServer */
+ PR_FALSE, /* noCache */
+ PR_FALSE, /* fdx */
+ PR_TRUE, /* detectRollBack */
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+ 2, /* enableRenegotiation (default: requires extension) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+ PR_TRUE, /* cbcRandomIV */
+ PR_FALSE, /* enableOCSPStapling */
+ PR_FALSE, /* enableNPN */
+ PR_TRUE, /* enableALPN */
+ PR_TRUE, /* reuseServerECDHEKey */
+ PR_FALSE, /* enableFallbackSCSV */
+ PR_TRUE, /* enableServerDhe */
+ PR_FALSE, /* enableExtendedMS */
+ PR_FALSE, /* enableSignedCertTimestamps */
+ PR_FALSE, /* requireDHENamedGroups */
+ PR_FALSE, /* enable0RttData */
+ PR_FALSE /* enableTls13CompatMode */
};
/*
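Review bot: The restored positional initializer for `ssl_defaults` writes `requireCertificate` and `enableRenegotiation` as bare `2` literals, so the security meaning of those two defaults is visible only in the trailing comments. Even in the positional form, the named constants from the removed lines can be kept: `SSL_REQUIRE_FIRST_HANDSHAKE, /* requireCertificate */` and `SSL_RENEGOTIATE_REQUIRES_XTN, /* enableRenegotiation */`. The positional form also ties every value to the field order of `sslOptions`, which this file-limited diff does not show. The entries are all integer-like, so a reordered or added field would presumably shift defaults such as `detectRollBack` or `cbcRandomIV` without a compiler diagnostic. A comment above the initializer would make that dependency explicit: `/* Values are positional: order must match the sslOptions field order exactly. */`.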
@@ -1253,18 +1252,6 @@ SSL_OptionSetDefault(PRInt32 which, PRIntn val)
return SECSuccess;
}
-SECStatus
-SSLExp_SetMaxEarlyDataSize(PRFileDesc *fd, PRUint32 size)
-{
- sslSocket *ss = ssl_FindSocket(fd);
- if (!ss) {
- return SECFailure; /* Error code already set. */
- }
-
- ss->opt.maxEarlyDataSize = size;
- return SECSuccess;
-}
-
/* function tells us if the cipher suite is one that we no longer support. */
static PRBool
ssl_IsRemovedCipherSuite(PRInt32 suite)
@@ -3945,7 +3932,6 @@ struct {
EXP(InstallExtensionHooks),
EXP(KeyUpdate),
EXP(SendSessionTicket),
- EXP(SetMaxEarlyDataSize),
EXP(SetupAntiReplay),
#endif
{ "", NULL }