From 0d673b36cc6485e4f0d08c1ce88d130d783550ce Mon Sep 17 00:00:00 2001
From: Daiki Ueno
Date: Thu, 22 Oct 2020 17:06:28 +0200
Subject: [PATCH] Enable TLS 1.3 middlebox compatibility mode by default
---
 nss-ccs.patch | 13 +++++++++++++
 nss.spec | 7 ++++++-
 2 files changed, 19 insertions(+), 1 deletion(-)
 create mode 100644 nss-ccs.patch
diff --git a/nss-ccs.patch b/nss-ccs.patch
new file mode 100644
index 0000000..8a258f4
--- /dev/null
+++ b/nss-ccs.patch
@@ -0,0 +1,13 @@
+Index: nss/lib/ssl/sslsock.c
+===================================================================
+--- nss.orig/lib/ssl/sslsock.c
++++ nss/lib/ssl/sslsock.c
+@@ -86,7 +86,7 @@ static sslOptions ssl_defaults = {
+ .enableSignedCertTimestamps = PR_FALSE,
+ .requireDHENamedGroups = PR_FALSE,
+ .enable0RttData = PR_FALSE,
+- .enableTls13CompatMode = PR_FALSE,
++ .enableTls13CompatMode = PR_TRUE,
+ .enableDtls13VersionCompat = PR_FALSE,
+ .enableDtlsShortHeader = PR_FALSE,
+ .enableHelloDowngradeCheck = PR_FALSE,
diff --git a/nss.spec b/nss.spec
index 198944b..3b11c63 100644
--- a/nss.spec
+++ b/nss.spec
@@ -44,7 +44,7 @@ rpm.define(string.format("nss_release_tag NSS_%s_RTM",
 Summary: Network Security Services
 Name: nss
 Version: %{nss_version}
-Release: 1%{?dist}
+Release: 2%{?dist}
 License: MPLv2.0
 URL: http://www.mozilla.org/projects/security/pki/nss/
 Requires: nspr >= %{nspr_version}
@@ -106,6 +106,8 @@ Patch2: nss-539183.patch
 # Once the buildroot aha been bootstrapped the patch may be removed
 # but it doesn't hurt to keep it.
 Patch4: iquote.patch
+# Upstream: https://bugzilla.mozilla.org/show_bug.cgi?id=1672703
+Patch5: nss-ccs.patch
 Patch12: nss-signtool-format.patch
 %if 0%{?fedora} < 34
 %if 0%{?rhel} < 9
@@ -902,6 +904,9 @@ update-crypto-policies &> /dev/null || :
 %changelog
+* Thu Oct 22 2020 Daiki Ueno - 3.58.0-2
+- Enable TLS 1.3 middlebox compatibility mode by default
+
 * Tue Oct 20 2020 Daiki Ueno - 3.58.0-1
 - Update to NSS 3.58
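Review bot: The new nss-ccs.patch has no description of its own above the `Index:` line, so the reason for flipping `.enableTls13CompatMode` to `PR_TRUE` in `ssl_defaults` is recorded only in the spec comment and the changelog. Since the edit is to the library-wide defaults table, it presumably applies to every application that links this build and does not set the option itself, which makes it a downstream behaviour change worth stating where the patch lives. I would add a short header to the patch, for example `Downstream default: enable TLS 1.3 middlebox compatibility mode (RFC 8446 Appendix D.4); callers can still set SSL_ENABLE_TLS13_COMPAT_MODE per socket.`, and repeat the upstream bug URL there. It would also help to note that this mode changes only the handshake's wire appearance for middleboxes, not key exchange or cipher selection, so reviewers do not read it as a protocol downgrade. The `ssl_defaults` initializer starts and ends outside the hunk, so the neighbouring defaults were not reviewed.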