2013-04-09 23:14:36 +00:00
|
|
|
diff -up nss/lib/ssl/sslsock.c.cbcrandomivoff nss/lib/ssl/sslsock.c
|
2013-06-15 19:48:12 +00:00
|
|
|
--- nss/lib/ssl/sslsock.c.cbcrandomivoff 2013-05-30 22:20:52.181292812 -0700
|
|
|
|
+++ nss/lib/ssl/sslsock.c 2013-05-30 22:20:52.194292913 -0700
|
|
|
|
@@ -152,7 +152,7 @@ static sslOptions ssl_defaults = {
|
2012-01-06 23:50:45 +00:00
|
|
|
3, /* enableRenegotiation (default: transitional) */
|
|
|
|
PR_FALSE, /* requireSafeNegotiation */
|
|
|
|
PR_FALSE, /* enableFalseStart */
|
2013-04-09 23:14:36 +00:00
|
|
|
- PR_TRUE, /* cbcRandomIV */
|
2012-11-28 20:52:53 +00:00
|
|
|
+ PR_FALSE /* cbcRandomIV */ /* defaults to off for compatibility */
|
2013-04-09 23:14:36 +00:00
|
|
|
PR_FALSE /* enableOCSPStapling */
|
2012-01-06 23:50:45 +00:00
|
|
|
};
|
|
|
|
|
2013-06-15 19:48:12 +00:00
|
|
|
@@ -2906,9 +2906,9 @@ ssl_SetDefaultsFromEnvironment(void)
|
2013-02-01 19:24:15 +00:00
|
|
|
PR_TRUE));
|
|
|
|
}
|
|
|
|
ev = getenv("NSS_SSL_CBC_RANDOM_IV");
|
|
|
|
- if (ev && ev[0] == '0') {
|
|
|
|
- ssl_defaults.cbcRandomIV = PR_FALSE;
|
|
|
|
- SSL_TRACE(("SSL: cbcRandomIV set to 0"));
|
|
|
|
+ if (ev && ev[0] == '1') {
|
|
|
|
+ ssl_defaults.cbcRandomIV = PR_TRUE;
|
|
|
|
+ SSL_TRACE(("SSL: cbcRandomIV set to 1"));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif /* NSS_HAVE_GETENV */
|