rpms / nss

Clone
Source Code
GIT

Files

  1.   ad495a7d5e81336c73e85a34ea9491f08a6c63a3
  2.   SOURCES
  3.   disable-extended-master-secret-with-old-softoken.patch
Blob Blame History Raw 
diff -up nss/lib/ssl/sslsock.c.disable-ems nss/lib/ssl/sslsock.c
--- nss/lib/ssl/sslsock.c.disable-ems	2017-01-13 17:33:07.226905929 +0100
+++ nss/lib/ssl/sslsock.c	2017-01-13 17:35:19.175659702 +0100
@@ -75,6 +75,7 @@ static sslOptions ssl_defaults = {
     PR_TRUE,               /* reuseServerECDHEKey */
     PR_FALSE,              /* enableFallbackSCSV */
     PR_TRUE,               /* enableServerDhe */
+/* Keep extended-master-secret disabled until we have a compatible softokn. */
     PR_FALSE,              /* enableExtendedMS    */
     PR_FALSE,              /* enableSignedCertTimestamps */
     PR_FALSE,              /* requireDHENamedGroups */
@@ -766,7 +767,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh
             break;
 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
             ss->opt.enableExtendedMS = on;
+#endif
             break;
 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:
@@ -1199,7 +1203,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo
             break;
 
         case SSL_ENABLE_EXTENDED_MASTER_SECRET:
+#if 0
+/* No-Op until we have a compatible softokn. */
             ssl_defaults.enableExtendedMS = on;
+#endif
             break;
 
         case SSL_ENABLE_SIGNED_CERT_TIMESTAMPS:

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation