From 92510ab9648b34a0fceaa6b65ef36df5056a661c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Fabian=20Silva=20Delgado?= Date: Sun, 13 Apr 2014 04:48:47 -0300 Subject: nss: add new package to [libre] to add CAcert CA certificates support --- libre/nss/ssl-renegotiate-transitional.patch | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 libre/nss/ssl-renegotiate-transitional.patch (limited to 'libre/nss/ssl-renegotiate-transitional.patch') diff --git a/libre/nss/ssl-renegotiate-transitional.patch b/libre/nss/ssl-renegotiate-transitional.patch new file mode 100644 index 000000000..f457c5551 --- /dev/null +++ b/libre/nss/ssl-renegotiate-transitional.patch @@ -0,0 +1,21 @@ +Enable transitional scheme for ssl renegotiation: + +(from mozilla/security/nss/lib/ssl/ssl.h) +Disallow unsafe renegotiation in server sockets only, but allow clients +to continue to renegotiate with vulnerable servers. +This value should only be used during the transition period when few +servers have been upgraded. + +diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c +index f1d1921..c074360 100644 +--- a/mozilla/security/nss/lib/ssl/sslsock.c ++++ b/mozilla/security/nss/lib/ssl/sslsock.c +@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = { + PR_FALSE, /* noLocks */ + PR_FALSE, /* enableSessionTickets */ + PR_FALSE, /* enableDeflate */ +- 2, /* enableRenegotiation (default: requires extension) */ ++ 3, /* enableRenegotiation (default: transitional) */ + PR_FALSE, /* requireSafeNegotiation */ + }; + -- cgit v1.2.3-2-g168b