1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
|
Enable transitional scheme for ssl renegotiation:
(from nss/lib/ssl/ssl.h)
Disallow unsafe renegotiation in server sockets only, but allow clients
to continue to renegotiate with vulnerable servers.
This value should only be used during the transition period when few
servers have been upgraded.
Index: nss/nss/lib/ssl/sslsock.c
===================================================================
--- nss.orig/nss/lib/ssl/sslsock.c 2013-10-21 08:03:16.836020806 +0900
+++ nss/nss/lib/ssl/sslsock.c 2013-10-21 08:03:16.832020901 +0900
@@ -74,7 +74,7 @@
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
PR_TRUE, /* cbcRandomIV */
|
