Network Security Services
CentOS Sources
2018-05-14 74449011e876d8839a7a1053f27fcea5cd1ccf4e
SOURCES/renegotiate-transitional.patch
@@ -1,12 +1,12 @@
diff -up nss/lib/ssl/sslsock.c.transitional nss/lib/ssl/sslsock.c
--- nss/lib/ssl/sslsock.c.transitional   2016-08-15 17:57:58.146879056 +0200
+++ nss/lib/ssl/sslsock.c   2016-08-15 17:58:02.365758224 +0200
@@ -72,7 +72,7 @@ static sslOptions ssl_defaults = {
     PR_FALSE,              /* noLocks            */
     PR_FALSE,              /* enableSessionTickets */
     PR_FALSE,              /* enableDeflate      */
-    2,                     /* enableRenegotiation (default: requires extension) */
+    3,                     /* enableRenegotiation (default: transitional) */
     PR_FALSE,              /* requireSafeNegotiation */
     PR_FALSE,              /* enableFalseStart   */
     PR_TRUE,               /* cbcRandomIV        */
--- nss/lib/ssl/sslsock.c.transitional   2018-03-09 17:21:52.593560971 +0100
+++ nss/lib/ssl/sslsock.c   2018-03-09 17:22:21.096926523 +0100
@@ -67,7 +67,7 @@ static sslOptions ssl_defaults = {
     .noLocks = PR_FALSE,
     .enableSessionTickets = PR_FALSE,
     .enableDeflate = PR_FALSE,
-    .enableRenegotiation = SSL_RENEGOTIATE_REQUIRES_XTN,
+    .enableRenegotiation = SSL_RENEGOTIATE_TRANSITIONAL,
     .requireSafeNegotiation = PR_FALSE,
     .enableFalseStart = PR_FALSE,
     .cbcRandomIV = PR_TRUE,