Bug 1127339 - Detect SSLv3-only server in PSM. r=keeler

2024-09-13 09:24:08 -07:00 · 2015-02-21 17:20:22 +09:00 · 2015-02-21 17:20:22 +09:00 · 50d0e8393e
commit 50d0e8393e
parent b4ab7dc95b
1 changed files with 6 additions and 0 deletions
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@ -1209,6 +1209,12 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
  SSLVersionRange range = socketInfo->GetTLSVersionRange();
  nsSSLIOLayerHelpers& helpers = socketInfo->SharedState().IOLayerHelpers();

+  if (err == SSL_ERROR_UNSUPPORTED_VERSION &&
+      range.min == SSL_LIBRARY_VERSION_TLS_1_0) {
+    socketInfo->SetSecurityState(nsIWebProgressListener::STATE_IS_INSECURE |
+                                 nsIWebProgressListener::STATE_USES_SSL_3);
+  }
+
  if (err == SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT) {
    // This is a clear signal that we've fallen back too many versions.  Treat
    // this as a hard failure, but forget any intolerance so that later attempts