mozilla-nss/renegotiate-transitional.patch
Wolfgang Rosenauer f7efd48411 - update to 3.13.1 RTM
* better SHA-224 support (bmo#647706)
  * fixed a regression (causing hangs in some situations)
    introduced in 3.13 (bmo#693228)
- update to 3.13.0 RTM
  * SSL 2.0 is disabled by default
  * A defense against the SSL 3.0 and TLS 1.0 CBC chosen plaintext
    attack demonstrated by Rizzo and Duong (CVE-2011-3389) is
    enabled by default. Set the SSL_CBC_RANDOM_IV SSL option to
    PR_FALSE to disable it.
  * SHA-224 is supported
  * Ported to iOS. (Requires NSPR 4.9.)
  * Added PORT_ErrorToString and PORT_ErrorToName to return the
    error message and symbolic name of an NSS error code
  * Added NSS_GetVersion to return the NSS version string
  * Added experimental support of RSA-PSS to the softoken only
  * NSS_NoDB_Init does not try to open /pkcs11.txt and /secmod.db
    anymore (bmo#641052, bnc#726096)

OBS-URL: https://build.opensuse.org/package/show/mozilla:Factory/mozilla-nss?expand=0&rev=89
2011-11-14 07:51:45 +00:00

23 lines
976 B
Diff

Index: security/nss/lib/ssl/sslsock.c
===================================================================
RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v
retrieving revision 1.75
diff -u -p -6 -r1.75 sslsock.c
--- security/nss/lib/ssl/sslsock.c 22 Oct 2011 16:45:40 -0000 1.75
+++ security/nss/lib/ssl/sslsock.c 24 Oct 2011 12:52:25 -0000
@@ -178,13 +178,13 @@ static sslOptions ssl_defaults = {
PR_TRUE, /* detectRollBack */
PR_FALSE, /* noStepDown */
PR_FALSE, /* bypassPKCS11 */
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
PR_TRUE /* cbcRandomIV */
};
sslSessionIDLookupFunc ssl_sid_lookup;