rpms / nss

Clone
Source Code
GIT

Files

  1.   1b6f665190970dd9b12cca26c8a008a163ea704e
  2.   SOURCES
  3.   disable-extended-master-secret-with-old-softoken.patch
Blob Blame History Raw 
diff -up ./lib/ssl/sslsock.c.disable-ems ./lib/ssl/sslsock.c
--- ./lib/ssl/sslsock.c.disable-ems	2016-02-04 16:49:04.148123592 -0800
+++ ./lib/ssl/sslsock.c	2016-02-04 16:50:15.483801476 -0800
@@ -85,6 +85,7 @@ static sslOptions ssl_defaults = {
     PR_TRUE,    /* reuseServerECDHEKey */
     PR_FALSE,   /* enableFallbackSCSV */
     PR_TRUE,    /* enableServerDhe */
+/* Keep extended-master-secret disabled until we have a compatible softokn. */
     PR_FALSE    /* enableExtendedMS    */
 };
 
@@ -848,7 +849,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
         break;
 
       case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
         ss->opt.enableExtendedMS = on;
+#endif
         break;
 
       default:
@@ -1192,7 +1203,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
         break;
 
       case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
         ssl_defaults.enableExtendedMS = on;
+#endif
         break;
 
       default:

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation