f7efd48411
* better SHA-224 support (bmo#647706) * fixed a regression (causing hangs in some situations) introduced in 3.13 (bmo#693228) - update to 3.13.0 RTM * SSL 2.0 is disabled by default * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext attack demonstrated by Rizzo and Duong (CVE-2011-3389) is enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to PR_FALSE to disable it. * SHA-224 is supported * Ported to iOS. (Requires NSPR 4.9.) * Added PORT_ErrorToString and PORT_ErrorToName to return the error message and symbolic name of an NSS error code * Added NSS_GetVersion to return the NSS version string * Added experimental support of RSA-PSS to the softoken only * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db anymore (bmo#641052, bnc#726096) OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=89
23 lines
976 B
Diff
23 lines
976 B
Diff
Index: security/nss/lib/ssl/sslsock.c
|
|
===================================================================
|
|
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
|
|
retrieving revision 1.75
|
|
diff -u -p -6 -r1.75 sslsock.c
|
|
--- security/nss/lib/ssl/sslsock.c 22 Oct 2011 16:45:40 -0000 1.75
|
|
+++ security/nss/lib/ssl/sslsock.c 24 Oct 2011 12:52:25 -0000
|
|
@@ -178,13 +178,13 @@ static sslOptions ssl_defaults = {
|
|
PR_TRUE, /* detectRollBack */
|
|
PR_FALSE, /* noStepDown */
|
|
PR_FALSE, /* bypassPKCS11 */
|
|
PR_FALSE, /* noLocks */
|
|
PR_FALSE, /* enableSessionTickets */
|
|
PR_FALSE, /* enableDeflate */
|
|
- 2, /* enableRenegotiation (default: requires extension) */
|
|
+ 3, /* enableRenegotiation (default: transitional) */
|
|
PR_FALSE, /* requireSafeNegotiation */
|
|
PR_FALSE, /* enableFalseStart */
|
|
PR_TRUE /* cbcRandomIV */
|
|
};
|
|
|
|
sslSessionIDLookupFunc ssl_sid_lookup;
|