Disable Nagle on Linux and TLS cut through support

net/third_party/nss/ssl/ssl.h

Index: net/third_party/nss/ssl/ssl.h
diff --git a/net/third_party/nss/ssl/ssl.h b/net/third_party/nss/ssl/ssl.h
index b0e77df514dbd67fe920bf98b9f06a00c5e87779..60fc9b568c8f7a3171f6768743ad3240ab3187c5 100644
--- a/net/third_party/nss/ssl/ssl.h
+++ b/net/third_party/nss/ssl/ssl.h
@@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFileDesc *fd);
                                           /* Renegotiation  Info (RI)       */
 					  /* extension in ALL handshakes.   */
                                           /* default: off                   */
+#define SSL_ENABLE_FALSE_START	       22 /* Enable SSL false start (off by */
+					  /* default, applies only to       */
+					  /* clients). False start is a     */
+/* mode where an SSL client will start sending application data before      */
+/* verifing the server's Finished message. This means that we could end up  */

[wtc, 2010/02/20 00:39:51]

Typo: verifing => verifying

+/* sending data to an imposter. However, the data will be encrypted and     */
+/* only the true server can decrypt the session key. Thus, so long as the   */

[wtc, 2010/02/20 00:39:51]

Nit: "can decrypt the session key" isn't entirely accurate.
How about "can derive the session key" or "has the session key"?

+/* cipher isn't broken this is safe. Because of this, False Start will only */
+/* occur on RSA ciphersuites where the cipher's key length is >= 80 bits.   */

[wtc, 2010/02/20 00:39:51]

Why only RSA ciphersuites?

+/* The advantage of False Start is that it saves a round trip for           */
+/* client-speaks-first protocols when performing a full handshake.          */
 
 #ifdef SSL_DEPRECATED_FUNCTION 
 /* Old deprecated function names */