mirror of
https://gitlab.winehq.org/wine/wine-gecko.git
synced 2024-09-13 09:24:08 -07:00
Bug 920248: Temporarily disable TLS false start, r=keeler, r=wtc
--HG-- extra : rebase_source : 4fc35de2d6e2dc99de11b2a2d0c0f3ebe1de8b97
This commit is contained in:
parent
38a6d76524
commit
275e5cbaaf
@ -13,7 +13,7 @@ pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
|
||||
pref("security.ssl.require_safe_negotiation", false);
|
||||
pref("security.ssl.warn_missing_rfc5746", 1);
|
||||
pref("security.ssl.enable_ocsp_stapling", true);
|
||||
pref("security.ssl.enable_false_start", true);
|
||||
pref("security.ssl.enable_false_start", false);
|
||||
pref("security.ssl.false_start.require-npn", true);
|
||||
pref("security.ssl.false_start.require-forward-secrecy", false);
|
||||
|
||||
|
@ -1215,11 +1215,10 @@ nsNSSComponent::InitializeNSS(bool showWarningBox)
|
||||
SSL_RENEGOTIATE_UNRESTRICTED :
|
||||
SSL_RENEGOTIATE_REQUIRES_XTN);
|
||||
|
||||
#ifdef SSL_ENABLE_FALSE_START // Requires NSS 3.12.8
|
||||
bool falseStartEnabled = Preferences::GetBool("security.ssl.enable_false_start",
|
||||
FALSE_START_ENABLED_DEFAULT);
|
||||
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, falseStartEnabled);
|
||||
#endif
|
||||
// Bug 920248: temporarily disable false start
|
||||
// bool falseStartEnabled = Preferences::GetBool("security.ssl.enable_false_start",
|
||||
// FALSE_START_ENABLED_DEFAULT);
|
||||
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, false);
|
||||
|
||||
// Disable any ciphers that NSS might have enabled by default
|
||||
for (uint16_t i = 0; i < SSL_NumImplementedCiphers; ++i)
|
||||
@ -1651,12 +1650,11 @@ nsNSSComponent::Observe(nsISupports *aSubject, const char *aTopic,
|
||||
allowUnrestrictedRenego ?
|
||||
SSL_RENEGOTIATE_UNRESTRICTED :
|
||||
SSL_RENEGOTIATE_REQUIRES_XTN);
|
||||
#ifdef SSL_ENABLE_FALSE_START // Requires NSS 3.12.8
|
||||
} else if (prefName.Equals("security.ssl.enable_false_start")) {
|
||||
bool falseStartEnabled = Preferences::GetBool("security.ssl.enable_false_start",
|
||||
FALSE_START_ENABLED_DEFAULT);
|
||||
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, falseStartEnabled);
|
||||
#endif
|
||||
// Bug 920248: temporarily disable false start
|
||||
// bool falseStartEnabled = Preferences::GetBool("security.ssl.enable_false_start",
|
||||
// FALSE_START_ENABLED_DEFAULT);
|
||||
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, false);
|
||||
} else if (prefName.Equals("security.OCSP.enabled")
|
||||
|| prefName.Equals("security.CRL_download.enabled")
|
||||
|| prefName.Equals("security.fresh_revocation_info.require")
|
||||
|
Loading…
Reference in New Issue
Block a user