On Thu, Jan 24, 2013 at 1:52 AM, Sergey Emantayev <sergey.emanta...@gmail.com> wrote: > > For the reference, I'm attaching the back ported fix for the 3.12.5, with no > warranties. [...snipped] > --- nss-3.12.5-orig/mozilla/security/nss/lib/ssl/sslimpl.h Tue Jan 15 > 16:40:47 2013 > +++ nss-3.12.5/mozilla/security/nss/lib/ssl/sslimpl.h Wed Jan 16 15:12:23 > 2013 > @@ -337,6 +337,8 @@ typedef struct sslOptionsStr { > unsigned int enableDeflate : 1; /* 19 */ > unsigned int enableRenegotiation : 2; /* 20-21 */ > unsigned int requireSafeNegotiation : 1; /* 22 */ > + unsigned int _enableFalseStart_notInUse : 1; /* 23 */ > + unsigned int cbcRandomIV : 1; /* 24 */ > } sslOptions; > > typedef enum { sslHandshakingUndetermined = 0, > --- nss-3.12.5-orig/mozilla/security/nss/lib/ssl/sslsock.c Tue Jan 15 > 16:40:47 2013 > +++ nss-3.12.5/mozilla/security/nss/lib/ssl/sslsock.c Wed Jan 16 15:14:16 > 2013 > @@ -183,6 +183,8 @@ static sslOptions ssl_defaults = { > PR_FALSE, /* enableDeflate */ > 0, /* enableRenegotiation (default: never) */ > PR_FALSE, /* requireSafeNegotiation */ > + PR_FALSE, /* enableFalseStart - not in use */ > + PR_TRUE /* cbcRandomIV */ > };
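Review bot: In the sslimpl.h hunk, the _enableFalseStart_notInUse bit at position 23 is reserved with no comment saying why, and nothing in the visible lines reads or writes it. A later maintainer cannot tell whether it may be reused or removed. Either drop it and number cbcRandomIV as 23, or, if the intent is to keep cbcRandomIV at position 24, add a one-line comment saying the bit is a placeholder for that purpose.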
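Review bot: In the sslsock.c hunk, cbcRandomIV is initialised to PR_TRUE in ssl_defaults, so it is on for every socket that does not set it explicitly. Confirm that the snipped parts of the patch handle the option in the get/set paths, so that an application can turn it off. Separately, ssl_defaults is a positional initializer, so the two new entries must stay in the same order as the two new bit-fields in sslOptions. The comment on the first entry says "enableFalseStart - not in use" while the field is named _enableFalseStart_notInUse, and using the field's actual name in the comment would make that correspondence easier to check.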
It should be unnecessary to reserve a bit for enableFalseStart, but it is harmless to do so. By the way, it should be safe to back port the patch to NSS 3.12.5, as you have done.

Wan-Teh
--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto