nss/tstclnt-ssl2-off-by-default.patch
Elio Maldonado 17f536942a - Fix patches that disable ssl2 and export cipher suites support
- Fix libssl patch that disables ssl2 & export cipher suites not disable RSA_WITH_NULL ciphers
- Fix syntax erros in patch to skip ssl2 and export cipher suite tests to only skip what;s needed
- Turn ssl2 off by default in the tstclnt tool
- Disable ssl stress tests containing TLS RC4 128 with MD5
- Resolves: Bug 1263005
2015-09-14 18:15:13 -07:00

22 lines
1.1 KiB
Diff

diff -up ./nss/cmd/tstclnt/tstclnt.c.ssl2_off ./nss/cmd/tstclnt/tstclnt.c
--- ./nss/cmd/tstclnt/tstclnt.c.ssl2_off 2015-08-07 11:12:13.000000000 -0700
+++ ./nss/cmd/tstclnt/tstclnt.c 2015-09-11 20:08:34.771859950 -0700
@@ -212,7 +212,7 @@ static void PrintParameterUsage(void)
fprintf(stderr,
"%-20s Restricts the set of enabled SSL/TLS protocols versions.\n"
"%-20s All versions are enabled by default.\n"
- "%-20s Possible values for min/max: ssl2 ssl3 tls1.0 tls1.1 tls1.2\n"
+ "%-20s Possible values for min/max: ssl3 tls1.0 tls1.1 tls1.2\n"
"%-20s Example: \"-V ssl3:\" enables SSL 3 and newer.\n",
"-V [min]:[max]", "", "", "");
fprintf(stderr, "%-20s Send TLS_FALLBACK_SCSV\n", "-K");
@@ -911,7 +911,7 @@ int main(int argc, char **argv)
int npds;
int override = 0;
SSLVersionRange enabledVersions;
- PRBool enableSSL2 = PR_TRUE;
+ PRBool enableSSL2 = PR_FALSE;
int bypassPKCS11 = 0;
int disableLocking = 0;
int useExportPolicy = 0;