nss/nss-ssl-cbc-random-iv-off-by-default.patch
Elio Maldonado 40928cb8e3 - Resolves: Bug 770682 - nss update breaks pidgin-sipe connectivity
- Set NSS_SSL_CBC_RANDOM_IV to 0 by default and change to 1 on user request
2012-01-06 15:50:45 -08:00

26 lines
1.0 KiB
Diff

diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
--- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800
+++ ./mozilla/security/nss/lib/ssl/sslsock.c 2012-01-05 13:55:25.810750394 -0800
@@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
PR_FALSE, /* enableFalseStart */
- PR_TRUE /* cbcRandomIV */
+ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
};
sslSessionIDLookupFunc ssl_sid_lookup;
@@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
PR_TRUE));
}
ev = getenv("NSS_SSL_CBC_RANDOM_IV");
- if (ev && ev[0] == '0') {
- ssl_defaults.cbcRandomIV = PR_FALSE;
- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
+ if (ev && ev[0] == '1') {
+ ssl_defaults.cbcRandomIV = PR_TRUE;
+ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
}
}
#endif /* NSS_HAVE_GETENV */