537356 - Implement new safe SSL3 & TLS renegotiation. Change renegotiation default to be SSL_RENEGOTIATE_REQUIRES_XTN. r=wtc.

author: alexei.volkov.bugs%sun.com <devnull@localhost> 2010-02-26 20:44:54 +0000
committer: alexei.volkov.bugs%sun.com <devnull@localhost> 2010-02-26 20:44:54 +0000
commit: 5324cbe3d90e7e8451c6ef4f1736ed49c277aaa2 (patch)
tree: 734752f79d7d236d55bd2e5e7360f19722083e0b /security/nss
parent: 9379f5d70a125b385c8f09535c1f155696203070 (diff)
download: nss-hg-5324cbe3d90e7e8451c6ef4f1736ed49c277aaa2.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/security/nss/lib/ssl/sslsock.c b/security/nss/lib/ssl/sslsock.c
index b877bd28b..61f56f36c 100644
--- a/security/nss/lib/ssl/sslsock.c
+++ b/security/nss/lib/ssl/sslsock.c
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
     PR_FALSE,   /* noLocks            */
     PR_FALSE,   /* enableSessionTickets */
     PR_FALSE,   /* enableDeflate      */
-    3,          /* enableRenegotiation (default: transitional) */
+    2,          /* enableRenegotiation (default: requires extension) */
     PR_FALSE,   /* requireSafeNegotiation */
 };
 
@@ -2301,7 +2301,7 @@ ssl_NewSocket(PRBool makeLocks)
 	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_NEVER;
 	    else if (ev[0] == '2' || LOWER(ev[0]) == 'r')
 		ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN;
-	    else
+	    else if (ev[0] == '3' || LOWER(ev[0]) == 't')
 	    	ssl_defaults.enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL;
 	    SSL_TRACE(("SSL: enableRenegotiation set to %d", 
 	               ssl_defaults.enableRenegotiation));
author	alexei.volkov.bugs%sun.com <devnull@localhost>	2010-02-26 20:44:54 +0000
committer	alexei.volkov.bugs%sun.com <devnull@localhost>	2010-02-26 20:44:54 +0000
commit	5324cbe3d90e7e8451c6ef4f1736ed49c277aaa2 (patch)
tree	734752f79d7d236d55bd2e5e7360f19722083e0b /security/nss
parent	9379f5d70a125b385c8f09535c1f155696203070 (diff)
download	nss-hg-5324cbe3d90e7e8451c6ef4f1736ed49c277aaa2.tar.gz