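diff -up nss/lib/ssl/sslsock.c.disable-ems nss/lib/ssl/sslsock.c
--- nss/lib/ssl/sslsock.c.disable-ems 2017-01-13 17:33:07.226905929 +0100
+++ nss/lib/ssl/sslsock.c 2017-01-13 17:35:19.175659702 +0100
@@ -75,6 +75,7 @@ static sslOptions ssl_defaults = {
 PR_TRUE, /* reuseServerECDHEKey */
 PR_FALSE, /* enableFallbackSCSV */
 PR_TRUE, /* enableServerDhe */
+/* Keep extended-master-secret disabled until we have a compatible softokn. */
 PR_FALSE, /* enableExtendedMS */
 PR_FALSE, /* enableSignedCertTimestamps */
 PR_FALSE, /* requireDHENamedGroups */
@@ -766,7 +767,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
 break;
 
 case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
 ss->opt.enableExtendedMS = on;
+#endif
 break;
 
 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
@@ -1199,7 +1203,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
 break;
 
 case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
 ssl_defaults.enableExtendedMS = on;
+#endif
 break;
 
 case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS: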
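Review bot: In the `SSL_ENABLE_EXTENDED_MASTER_SECRET` case of `SSL_OptionSet`, and identically in `SSL_OptionSetDefault`, the `#if 0` turns a request to enable extended master secret into a silent no-op, so a caller asking for the RFC 7627 session-binding protection gets no signal that it was not applied. Both function bodies lie mostly outside these hunks, so it is only inferred that the status variable is still success when the case falls through to `break;`. If it is, consider rejecting only the enabling request, e.g. `if (on) { PORT_SetError(SEC_ERROR_INVALID_ARGS); rv = SECFailure; }`, or at minimum state in the comment that callers must confirm the effective value with `SSL_OptionGet`. The comment `/* No-Op until we have a compatible softokn. */` should also name the softokn version or tracking bug that lifts the restriction, so the weaker default is not carried forward indefinitely.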