From 22f6b394a49ad6c5b8f6e69dcd96297a7086859f Mon Sep 17 00:00:00 2001
From: Martin Thomson
Date: Wed, 17 Jan 2018 18:24:36 +1100
Subject: Backed out changeset fa1f3948cb00
---
 lib/ssl/sslsock.c | 70 ++++++++++++++++++++++--------------------------------
 1 file changed, 28 insertions(+), 42 deletions(-)
(limited to 'lib/ssl/sslsock.c')
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c
index 02ca3ad1b..4893cb9f9 100644
--- a/lib/ssl/sslsock.c
+++ b/lib/ssl/sslsock.c
@@ -53,35 +53,34 @@ static const sslSocketOps ssl_secure_ops = { /* SSL. */
 ** default settings for socket enables
 */
 static sslOptions ssl_defaults = {
- .nextProtoNego = { siBuffer, NULL, 0 },
- .maxEarlyDataSize = 1 << 16,
- .useSecurity = PR_TRUE,
- .useSocks = PR_FALSE,
- .requestCertificate = PR_FALSE,
- .requireCertificate = SSL_REQUIRE_FIRST_HANDSHAKE,
- .handshakeAsClient = PR_FALSE,
- .handshakeAsServer = PR_FALSE,
- .noCache = PR_FALSE,
- .fdx = PR_FALSE,
- .detectRollBack = PR_TRUE,
- .noLocks = PR_FALSE,
- .enableSessionTickets = PR_FALSE,
- .enableDeflate = PR_FALSE,
- .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN,
- .requireSafeNegotiation = PR_FALSE,
- .enableFalseStart = PR_FALSE,
- .cbcRandomIV = PR_TRUE,
- .enableOCSPStapling = PR_FALSE,
- .enableNPN = PR_FALSE,
- .enableALPN = PR_TRUE,
- .reuseServerECDHEKey = PR_TRUE,
- .enableFallbackSCSV = PR_FALSE,
- .enableServerDhe = PR_TRUE,
- .enableExtendedMS = PR_FALSE,
- .enableSignedCertTimestamps = PR_FALSE,
- .requireDHENamedGroups = PR_FALSE,
- .enable0RttData = PR_FALSE,
- .enableTls13CompatMode = PR_FALSE
+ { siBuffer, NULL, 0 }, /* nextProtoNego */
+ PR_TRUE, /* useSecurity */
+ PR_FALSE, /* useSocks */
+ PR_FALSE, /* requestCertificate */
+ 2, /* requireCertificate */
+ PR_FALSE, /* handshakeAsClient */
+ PR_FALSE, /* handshakeAsServer */
+ PR_FALSE, /* noCache */
+ PR_FALSE, /* fdx */
+ PR_TRUE, /* detectRollBack */
+ PR_FALSE, /* noLocks */
+ PR_FALSE, /* enableSessionTickets */
+ PR_FALSE, /* enableDeflate */
+ 2, /* enableRenegotiation (default: requires extension) */
+ PR_FALSE, /* requireSafeNegotiation */
+ PR_FALSE, /* enableFalseStart */
+ PR_TRUE, /* cbcRandomIV */
+ PR_FALSE, /* enableOCSPStapling */
+ PR_FALSE, /* enableNPN */
+ PR_TRUE, /* enableALPN */
+ PR_TRUE, /* reuseServerECDHEKey */
+ PR_FALSE, /* enableFallbackSCSV */
+ PR_TRUE, /* enableServerDhe */
+ PR_FALSE, /* enableExtendedMS */
+ PR_FALSE, /* enableSignedCertTimestamps */
+ PR_FALSE, /* requireDHENamedGroups */
+ PR_FALSE, /* enable0RttData */
+ PR_FALSE /* enableTls13CompatMode */
 };
 
 /*
@@ -1253,18 +1252,6 @@ SSL_OptionSetDefault(PRInt32 which, PRIntn val)
 return SECSuccess;
 }
 
-SECStatus
-SSLExp_SetMaxEarlyDataSize(PRFileDesc *fd, PRUint32 size)
-{
- sslSocket *ss = ssl_FindSocket(fd);
- if (!ss) {
- return SECFailure; /* Error code already set. */
- }
-
- ss->opt.maxEarlyDataSize = size;
- return SECSuccess;
-}
-
 /* function tells us if the cipher suite is one that we no longer support. */
 static PRBool
 ssl_IsRemovedCipherSuite(PRInt32 suite)
@@ -3945,7 +3932,6 @@ struct {
 EXP(InstallExtensionHooks),
 EXP(KeyUpdate),
 EXP(SendSessionTicket),
- EXP(SetMaxEarlyDataSize),
 EXP(SetupAntiReplay),
 #endif
 { "", NULL }
-- 
cgit v1.2.1
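Review bot: The restored positional initializer for `ssl_defaults` writes a bare `2` for requireCertificate and enableRenegotiation, where the removed lines named these values `SSL_REQUIRE_FIRST_HANDSHAKE` and `SSL_RENEGOTIATE_REQUIRES_XTN`. Positional form does not rule out the names, so `SSL_REQUIRE_FIRST_HANDSHAKE, /* requireCertificate */` and `SSL_RENEGOTIATE_REQUIRES_XTN, /* enableRenegotiation */` would keep the intent checkable, assuming both constants still evaluate to 2. Every entry now depends on matching the field order of `sslOptions`, whose declaration is outside this hunk. Because nearly all values are PR_TRUE/PR_FALSE, a field added or moved there would probably compile cleanly and silently shift security defaults such as detectRollBack, cbcRandomIV and enableDeflate. I would add a comment above the initializer, e.g. `/* Positional: order must match the sslOptions declaration exactly. */`, and confirm the backout also drops maxEarlyDataSize from the struct, since this page is limited to sslsock.c and does not show it.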