Disable Nagle on Linux and TLS cut through support

net/third_party/nss/ssl/ssl.h

 /*
  * This file contains prototypes for the public SSL functions.
  *
  * ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
  *
  * The contents of this file are subject to the Mozilla Public License Version
  * 1.1 (the "License"); you may not use this file except in compliance with
  * the License. You may obtain a copy of the License at
  * http://www.mozilla.org/MPL/
@@ skipping 110 matching lines @@
 #define SSL_ENABLE_SESSION_TICKETS     18 /* Enable TLS SessionTicket       */
                                           /* extension (off by default)     */
 #define SSL_ENABLE_DEFLATE             19 /* Enable TLS compression with    */
                                           /* DEFLATE (off by default)       */
 #define SSL_ENABLE_RENEGOTIATION       20 /* Values below (default: never)  */
 #define SSL_REQUIRE_SAFE_NEGOTIATION   21 /* Peer must send Signalling      */
                                           /* Cipher Suite Value (SCSV) or   */
                                           /* Renegotiation  Info (RI)       */
                                           /* extension in ALL handshakes.   */
                                           /* default: off                   */
+#define SSL_ENABLE_FALSE_START         22 /* Enable SSL false start (off by */
+                                          /* default, applies only to       */
+                                          /* clients). False start is a     */
+/* mode where an SSL client will start sending application data before      */
+/* verifing the server's Finished message. This means that we could end up  */

[wtc, 2010/02/20 00:39:51]

Typo: verifing => verifying

+/* sending data to an imposter. However, the data will be encrypted and     */
+/* only the true server can decrypt the session key. Thus, so long as the   */

[wtc, 2010/02/20 00:39:51]

Nit: "can decrypt the session key" isn't entirely accurate.
How about "can derive the session key" or "has the session key"?

+/* cipher isn't broken this is safe. Because of this, False Start will only */
+/* occur on RSA ciphersuites where the cipher's key length is >= 80 bits.   */

[wtc, 2010/02/20 00:39:51]

Why only RSA ciphersuites?

+/* The advantage of False Start is that it saves a round trip for           */
+/* client-speaks-first protocols when performing a full handshake.          */
 
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */
 SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
 SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
 #endif
 
 /* New function names */
 SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
 SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
@@ skipping 484 matching lines @@
 ** Did the handshake with the peer negotiate the given extension?
 ** Output parameter valid only if function returns SECSuccess
 */
 SSL_IMPORT SECStatus SSL_HandshakeNegotiatedExtension(PRFileDesc * socket,
                                                       SSLExtensionType extId,
                                                       PRBool *yes);
 
 SEC_END_PROTOS
 
 #endif /* __ssl_h_ */