OLD | NEW |
1 diff --git a/mozilla/security/nss/cmd/strsclnt/strsclnt.c b/mozilla/security/nss
/cmd/strsclnt/strsclnt.c | 1 Index: mozilla/security/nss/cmd/strsclnt/strsclnt.c |
2 index c266644..1f71434 100644 | 2 =================================================================== |
3 --- a/mozilla/security/nss/cmd/strsclnt/strsclnt.c | 3 RCS file: /cvsroot/mozilla/security/nss/cmd/strsclnt/strsclnt.c,v |
4 +++ b/mozilla/security/nss/cmd/strsclnt/strsclnt.c | 4 retrieving revision 1.66 |
5 @@ -162,6 +162,7 @@ static PRBool disableLocking = PR_FALSE; | 5 diff -u -p -r1.66 strsclnt.c |
| 6 --- mozilla/security/nss/cmd/strsclnt/strsclnt.c» 10 Feb 2010 18:07:20 -00
00» 1.66 |
| 7 +++ mozilla/security/nss/cmd/strsclnt/strsclnt.c» 16 Mar 2010 01:25:41 -00
00 |
| 8 @@ -162,6 +162,7 @@ static PRBool disableLocking = PR_FALSE |
6 static PRBool ignoreErrors = PR_FALSE; | 9 static PRBool ignoreErrors = PR_FALSE; |
7 static PRBool enableSessionTickets = PR_FALSE; | 10 static PRBool enableSessionTickets = PR_FALSE; |
8 static PRBool enableCompression = PR_FALSE; | 11 static PRBool enableCompression = PR_FALSE; |
9 +static PRBool enableFalseStart = PR_FALSE; | 12 +static PRBool enableFalseStart = PR_FALSE; |
10 | 13 |
11 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; | 14 PRIntervalTime maxInterval = PR_INTERVAL_NO_TIMEOUT; |
12 | 15 |
13 @@ -197,7 +198,8 @@ Usage(const char *progName) | 16 @@ -197,7 +198,8 @@ Usage(const char *progName) |
14 " -U means enable throttling up threads\n" | 17 " -U means enable throttling up threads\n" |
15 " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" | 18 " -B bypasses the PKCS11 layer for SSL encryption and MACing\n" |
(...skipping 28 matching lines...) Expand all Loading... |
44 | 47 |
45 @@ -1384,6 +1392,8 @@ main(int argc, char **argv) | 48 @@ -1384,6 +1392,8 @@ main(int argc, char **argv) |
46 | 49 |
47 case 'f': fileName = optstate->value; break; | 50 case 'f': fileName = optstate->value; break; |
48 | 51 |
49 + case 'g': enableFalseStart = PR_TRUE; break; | 52 + case 'g': enableFalseStart = PR_TRUE; break; |
50 + | 53 + |
51 case 'i': ignoreErrors = PR_TRUE; break; | 54 case 'i': ignoreErrors = PR_TRUE; break; |
52 | 55 |
53 case 'n': nickName = PL_strdup(optstate->value); break; | 56 case 'n': nickName = PL_strdup(optstate->value); break; |
54 diff --git a/mozilla/security/nss/cmd/tstclnt/tstclnt.c b/mozilla/security/nss/c
md/tstclnt/tstclnt.c | 57 Index: mozilla/security/nss/cmd/tstclnt/tstclnt.c |
55 index c15a0ad..55684e6 100644 | 58 =================================================================== |
56 --- a/mozilla/security/nss/cmd/tstclnt/tstclnt.c | 59 RCS file: /cvsroot/mozilla/security/nss/cmd/tstclnt/tstclnt.c,v |
57 +++ b/mozilla/security/nss/cmd/tstclnt/tstclnt.c | 60 retrieving revision 1.62 |
| 61 diff -u -p -r1.62 tstclnt.c |
| 62 --- mozilla/security/nss/cmd/tstclnt/tstclnt.c» 10 Feb 2010 18:07:21 -0000»
1.62 |
| 63 +++ mozilla/security/nss/cmd/tstclnt/tstclnt.c» 16 Mar 2010 01:25:41 -0000 |
58 @@ -225,6 +225,7 @@ static void Usage(const char *progName) | 64 @@ -225,6 +225,7 @@ static void Usage(const char *progName) |
59 fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "
-r N"); | 65 fprintf(stderr, "%-20s Renegotiate N times (resuming session if N>1).\n", "
-r N"); |
60 fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); | 66 fprintf(stderr, "%-20s Enable the session ticket extension.\n", "-u"); |
61 fprintf(stderr, "%-20s Enable compression.\n", "-z"); | 67 fprintf(stderr, "%-20s Enable compression.\n", "-z"); |
62 + fprintf(stderr, "%-20s Enable false start.\n", "-g"); | 68 + fprintf(stderr, "%-20s Enable false start.\n", "-g"); |
63 fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", | 69 fprintf(stderr, "%-20s Letter(s) chosen from the following list\n", |
64 "-c ciphers"); | 70 "-c ciphers"); |
65 fprintf(stderr, | 71 fprintf(stderr, |
66 @@ -521,6 +522,7 @@ int main(int argc, char **argv) | 72 @@ -521,6 +522,7 @@ int main(int argc, char **argv) |
67 int useExportPolicy = 0; | 73 int useExportPolicy = 0; |
(...skipping 30 matching lines...) Expand all Loading... |
98 + /* enable false start. */ | 104 + /* enable false start. */ |
99 + rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart); | 105 + rv = SSL_OptionSet(s, SSL_ENABLE_FALSE_START, enableFalseStart); |
100 + if (rv != SECSuccess) { | 106 + if (rv != SECSuccess) { |
101 + SECU_PrintError(progName, "error enabling false start"); | 107 + SECU_PrintError(progName, "error enabling false start"); |
102 + return 1; | 108 + return 1; |
103 + } | 109 + } |
104 + | 110 + |
105 SSL_SetPKCS11PinArg(s, &pwdata); | 111 SSL_SetPKCS11PinArg(s, &pwdata); |
106 | 112 |
107 SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); | 113 SSL_AuthCertificateHook(s, SSL_AuthCertificate, (void *)handle); |
108 diff --git a/mozilla/security/nss/lib/ssl/ssl.h b/mozilla/security/nss/lib/ssl/s
sl.h | 114 Index: mozilla/security/nss/lib/ssl/ssl.h |
109 index e285ab4..bd1bfd3 100644 | 115 =================================================================== |
110 --- a/mozilla/security/nss/lib/ssl/ssl.h | 116 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl.h,v |
111 +++ b/mozilla/security/nss/lib/ssl/ssl.h | 117 retrieving revision 1.38 |
112 @@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFileDesc *model, PRFi
leDesc *fd); | 118 diff -u -p -r1.38 ssl.h |
| 119 --- mozilla/security/nss/lib/ssl/ssl.h» 17 Feb 2010 02:29:07 -0000» 1.38 |
| 120 +++ mozilla/security/nss/lib/ssl/ssl.h» 16 Mar 2010 01:25:41 -0000 |
| 121 @@ -128,6 +128,17 @@ SSL_IMPORT PRFileDesc *SSL_ImportFD(PRFi |
113 /* Renegotiation Info (RI) */ | 122 /* Renegotiation Info (RI) */ |
114 /* extension in ALL handshakes. */ | 123 /* extension in ALL handshakes. */ |
115 /* default: off */ | 124 /* default: off */ |
116 +#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ | 125 +#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ |
117 + /* default, applies only to */ | 126 + /* default, applies only to */ |
118 + /* clients). False start is a */ | 127 + /* clients). False start is a */ |
119 +/* mode where an SSL client will start sending application data before */ | 128 +/* mode where an SSL client will start sending application data before */ |
120 +/* verifying the server's Finished message. This means that we could end up */ | 129 +/* verifying the server's Finished message. This means that we could end up */ |
121 +/* sending data to an imposter. However, the data will be encrypted and */ | 130 +/* sending data to an imposter. However, the data will be encrypted and */ |
122 +/* only the true server can derive the session key. Thus, so long as the */ | 131 +/* only the true server can derive the session key. Thus, so long as the */ |
123 +/* cipher isn't broken this is safe. Because of this, False Start will only */ | 132 +/* cipher isn't broken this is safe. Because of this, False Start will only */ |
124 +/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ | 133 +/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ |
125 +/* bits. The advantage of False Start is that it saves a round trip for */ | 134 +/* bits. The advantage of False Start is that it saves a round trip for */ |
126 +/* client-speaks-first protocols when performing a full handshake. */ | 135 +/* client-speaks-first protocols when performing a full handshake. */ |
127 | 136 |
128 #ifdef SSL_DEPRECATED_FUNCTION | 137 #ifdef SSL_DEPRECATED_FUNCTION |
129 /* Old deprecated function names */ | 138 /* Old deprecated function names */ |
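Review bot: The comment added for `SSL_ENABLE_FALSE_START` says False Start occurs only on "RSA or DH ciphersuites", but `ssl3_CanFalseStart` in the ssl3con.c section of this same patch also accepts `ssl_kea_ecdh`, so the public header under-documents when application data can go out early. I would change that line to `/* occur on RSA, DH or ECDH ciphersuites where the cipher's key length is >= 80 */`. The safety argument ("only the true server can derive the session key") also depends on the server certificate having been validated and on the negotiated suite not having been altered in transit, because the Finished check that would detect tampering has not run yet. A sentence stating that assumption would help callers decide whether to enable the option.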
130 diff --git a/mozilla/security/nss/lib/ssl/ssl3con.c b/mozilla/security/nss/lib/s
sl/ssl3con.c | 139 Index: mozilla/security/nss/lib/ssl/ssl3con.c |
131 index 6b37c4f..f073431 100644 | 140 =================================================================== |
132 --- a/mozilla/security/nss/lib/ssl/ssl3con.c | 141 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3con.c,v |
133 +++ b/mozilla/security/nss/lib/ssl/ssl3con.c | 142 retrieving revision 1.136 |
134 @@ -5656,7 +5656,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSocket * ss, | 143 diff -u -p -r1.136 ssl3con.c |
| 144 --- mozilla/security/nss/lib/ssl/ssl3con.c» 17 Feb 2010 02:29:07 -0000»
1.136 |
| 145 +++ mozilla/security/nss/lib/ssl/ssl3con.c» 16 Mar 2010 01:25:41 -0000 |
| 146 @@ -5656,7 +5656,17 @@ ssl3_RestartHandshakeAfterCertReq(sslSoc |
135 return rv; | 147 return rv; |
136 } | 148 } |
137 | 149 |
138 - | 150 - |
139 +PRBool | 151 +PRBool |
140 +ssl3_CanFalseStart(sslSocket *ss) { | 152 +ssl3_CanFalseStart(sslSocket *ss) { |
141 + return ss->opt.enableFalseStart && | 153 + return ss->opt.enableFalseStart && |
142 + !ss->sec.isServer && | 154 + !ss->sec.isServer && |
143 + !ss->ssl3.hs.isResuming && | 155 + !ss->ssl3.hs.isResuming && |
144 + ss->ssl3.cwSpec && | 156 + ss->ssl3.cwSpec && |
145 + ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | 157 + ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && |
146 + (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa || | 158 + (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa || |
147 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh || | 159 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh || |
148 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh); | 160 + ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh); |
149 +} | 161 +} |
150 | 162 |
151 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 163 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
152 * ssl3 Server Hello Done message. | 164 * ssl3 Server Hello Done message. |
153 @@ -5728,6 +5738,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss) | 165 @@ -5728,6 +5738,12 @@ ssl3_HandleServerHelloDone(sslSocket *ss |
154 ss->ssl3.hs.ws = wait_new_session_ticket; | 166 ss->ssl3.hs.ws = wait_new_session_ticket; |
155 else | 167 else |
156 ss->ssl3.hs.ws = wait_change_cipher; | 168 ss->ssl3.hs.ws = wait_change_cipher; |
157 + | 169 + |
158 + /* Do the handshake callback for sslv3 here. */ | 170 + /* Do the handshake callback for sslv3 here. */ |
159 + if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { | 171 + if (ss->handshakeCallback != NULL && ssl3_CanFalseStart(ss)) { |
160 + (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 172 + (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
161 + } | 173 + } |
162 + | 174 + |
163 return SECSuccess; | 175 return SECSuccess; |
164 | 176 |
165 loser: | 177 loser: |
166 @@ -8468,7 +8484,7 @@ xmit_loser: | 178 @@ -8468,7 +8484,7 @@ xmit_loser: |
167 ss->ssl3.hs.ws = idle_handshake; | 179 ss->ssl3.hs.ws = idle_handshake; |
168 | 180 |
169 /* Do the handshake callback for sslv3 here. */ | 181 /* Do the handshake callback for sslv3 here. */ |
170 - if (ss->handshakeCallback != NULL) { | 182 - if (ss->handshakeCallback != NULL) { |
171 + if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { | 183 + if (ss->handshakeCallback != NULL && !ssl3_CanFalseStart(ss)) { |
172 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); | 184 (ss->handshakeCallback)(ss->fd, ss->handshakeCallbackData); |
173 } | 185 } |
174 | 186 |
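Review bot: The two handshake-callback sites each decide by re-evaluating `ssl3_CanFalseStart(ss)`, once in ssl3_HandleServerHelloDone and again, negated, in the `@@ -8468` hunk, and that predicate reads `ss->opt.enableFalseStart`, which the SSL_OptionSet hunk in sslsock.c lets a caller change at any time. If the option is toggled between the two evaluations, the callback can run twice or not at all; recording in the handshake state that the early callback already ran, and testing that record in the finished path, would remove the dependency. The early call also runs before the server's Finished is verified, so the copied comment is misleading there; I would replace it with `/* False start: run the handshake callback before the server's Finished is verified. */`. `ssl3_CanFalseStart` dereferences `ss->ssl3.hs.kea_def` and `cwSpec->cipher_def` without a NULL test, which is worth confirming against the callers, whose bodies lie mostly outside these hunks.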
175 diff --git a/mozilla/security/nss/lib/ssl/ssl3gthr.c b/mozilla/security/nss/lib/
ssl/ssl3gthr.c | 187 Index: mozilla/security/nss/lib/ssl/ssl3gthr.c |
176 index bdd2958..28fe154 100644 | 188 =================================================================== |
177 --- a/mozilla/security/nss/lib/ssl/ssl3gthr.c | 189 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/ssl3gthr.c,v |
178 +++ b/mozilla/security/nss/lib/ssl/ssl3gthr.c | 190 retrieving revision 1.9 |
179 @@ -188,6 +188,7 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) | 191 diff -u -p -r1.9 ssl3gthr.c |
| 192 --- mozilla/security/nss/lib/ssl/ssl3gthr.c» 20 Nov 2008 07:37:25 -0000»
1.9 |
| 193 +++ mozilla/security/nss/lib/ssl/ssl3gthr.c» 16 Mar 2010 01:25:41 -0000 |
| 194 @@ -188,6 +188,7 @@ ssl3_GatherCompleteHandshake(sslSocket * |
180 { | 195 { |
181 SSL3Ciphertext cText; | 196 SSL3Ciphertext cText; |
182 int rv; | 197 int rv; |
183 + PRBool canFalseStart = PR_FALSE; | 198 + PRBool canFalseStart = PR_FALSE; |
184 | 199 |
185 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); | 200 PORT_Assert( ss->opt.noLocks || ssl_HaveRecvBufLock(ss) ); |
186 do { | 201 do { |
187 @@ -207,7 +208,17 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) | 202 @@ -207,7 +208,20 @@ ssl3_GatherCompleteHandshake(sslSocket * |
188 if (rv < 0) { | 203 if (rv < 0) { |
189 return ss->recvdCloseNotify ? 0 : rv; | 204 return ss->recvdCloseNotify ? 0 : rv; |
190 } | 205 } |
191 - } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0); | 206 - } while (ss->ssl3.hs.ws != idle_handshake && ss->gs.buf.len == 0); |
192 + | 207 + |
| 208 + /* If we kicked off a false start in ssl3_HandleServerHelloDone, break |
| 209 + * out of this loop early without finishing the handshake. |
| 210 + */ |
193 + if (ss->opt.enableFalseStart) { | 211 + if (ss->opt.enableFalseStart) { |
194 + ssl_GetSSL3HandshakeLock(ss); | 212 + ssl_GetSSL3HandshakeLock(ss); |
195 + canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || | 213 + canFalseStart = (ss->ssl3.hs.ws == wait_change_cipher || |
196 + ss->ssl3.hs.ws == wait_new_session_ticket) && | 214 + ss->ssl3.hs.ws == wait_new_session_ticket) && |
197 + ssl3_CanFalseStart(ss); | 215 + ssl3_CanFalseStart(ss); |
198 + ssl_ReleaseSSL3HandshakeLock(ss); | 216 + ssl_ReleaseSSL3HandshakeLock(ss); |
199 + } | 217 + } |
200 + } while (ss->ssl3.hs.ws != idle_handshake && | 218 + } while (ss->ssl3.hs.ws != idle_handshake && |
201 + !canFalseStart && | 219 + !canFalseStart && |
202 + ss->gs.buf.len == 0); | 220 + ss->gs.buf.len == 0); |
203 | 221 |
204 ss->gs.readOffset = 0; | 222 ss->gs.readOffset = 0; |
205 ss->gs.writeOffset = ss->gs.buf.len; | 223 ss->gs.writeOffset = ss->gs.buf.len; |
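Review bot: The early-exit test in ssl3_GatherCompleteHandshake accepts `wait_change_cipher` and `wait_new_session_ticket`, while the equivalent test in ssl_SecureSend on the NEW side of the sslsecur.c section also accepts `wait_finished`, and nothing in either hunk says whether the difference is intended. If it is deliberate, the new comment should say so, for example `/* Only wait_change_cipher and wait_new_session_ticket end the loop; in wait_finished we keep reading. */`. These two checks decide when unverified-handshake data may flow, so the state test is better kept in one helper next to `ssl3_CanFalseStart` than copied. The loop condition still reads `ss->ssl3.hs.ws` outside the SSL3 handshake lock that the added block takes for the same field; that predates this change, but it is now inconsistent within the function, whose body continues outside the hunk.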
206 diff --git a/mozilla/security/nss/lib/ssl/sslimpl.h b/mozilla/security/nss/lib/s
sl/sslimpl.h | 224 Index: mozilla/security/nss/lib/ssl/sslimpl.h |
207 index 7581b98..00f0ce2 100644 | 225 =================================================================== |
208 --- a/mozilla/security/nss/lib/ssl/sslimpl.h | 226 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslimpl.h,v |
209 +++ b/mozilla/security/nss/lib/ssl/sslimpl.h | 227 retrieving revision 1.77 |
| 228 diff -u -p -r1.77 sslimpl.h |
| 229 --- mozilla/security/nss/lib/ssl/sslimpl.h» 10 Feb 2010 00:33:50 -0000»
1.77 |
| 230 +++ mozilla/security/nss/lib/ssl/sslimpl.h» 16 Mar 2010 01:25:41 -0000 |
210 @@ -333,6 +333,7 @@ typedef struct sslOptionsStr { | 231 @@ -333,6 +333,7 @@ typedef struct sslOptionsStr { |
211 unsigned int enableDeflate : 1; /* 19 */ | 232 unsigned int enableDeflate : 1; /* 19 */ |
212 unsigned int enableRenegotiation : 2; /* 20-21 */ | 233 unsigned int enableRenegotiation : 2; /* 20-21 */ |
213 unsigned int requireSafeNegotiation : 1; /* 22 */ | 234 unsigned int requireSafeNegotiation : 1; /* 22 */ |
214 + unsigned int enableFalseStart : 1; /* 23 */ | 235 + unsigned int enableFalseStart : 1; /* 23 */ |
215 } sslOptions; | 236 } sslOptions; |
216 | 237 |
217 typedef enum { sslHandshakingUndetermined = 0, | 238 typedef enum { sslHandshakingUndetermined = 0, |
218 @@ -1250,6 +1251,8 @@ extern void ssl_SetAlwaysBlock(sslSocket *ss); | 239 @@ -1250,6 +1251,8 @@ extern void ssl_SetAlwaysBlock(sslS |
219 | 240 |
220 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); | 241 extern SECStatus ssl_EnableNagleDelay(sslSocket *ss, PRBool enabled); |
221 | 242 |
222 +extern PRBool ssl3_CanFalseStart(sslSocket *ss); | 243 +extern PRBool ssl3_CanFalseStart(sslSocket *ss); |
223 + | 244 + |
224 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) | 245 #define SSL_LOCK_READER(ss) if (ss->recvLock) PZ_Lock(ss->recvLock) |
225 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock
) | 246 #define SSL_UNLOCK_READER(ss) if (ss->recvLock) PZ_Unlock(ss->recvLock
) |
226 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) | 247 #define SSL_LOCK_WRITER(ss) if (ss->sendLock) PZ_Lock(ss->sendLock) |
227 diff --git a/mozilla/security/nss/lib/ssl/sslsecur.c b/mozilla/security/nss/lib/
ssl/sslsecur.c | 248 Index: mozilla/security/nss/lib/ssl/sslsecur.c |
228 index 8f79135..4dc0475 100644 | 249 =================================================================== |
229 --- a/mozilla/security/nss/lib/ssl/sslsecur.c | 250 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsecur.c,v |
230 +++ b/mozilla/security/nss/lib/ssl/sslsecur.c | 251 retrieving revision 1.43 |
231 @@ -148,6 +148,12 @@ ssl_Do1stHandshake(sslSocket *ss) | 252 diff -u -p -r1.43 sslsecur.c |
232 » ss->gs.readOffset = 0; | 253 --- mozilla/security/nss/lib/ssl/sslsecur.c» 14 Jan 2010 22:15:25 -0000»
1.43 |
233 » break; | 254 +++ mozilla/security/nss/lib/ssl/sslsecur.c» 16 Mar 2010 01:25:41 -0000 |
234 » } | 255 @@ -1199,8 +1199,17 @@ ssl_SecureSend(sslSocket *ss, const unsi |
| 256 » ss->writerThread = PR_GetCurrentThread(); |
| 257 /* If any of these is non-zero, the initial handshake is not done. */ |
| 258 if (!ss->firstHsDone) { |
| 259 +» PRBool canFalseStart = PR_FALSE; |
| 260 » ssl_Get1stHandshakeLock(ss); |
| 261 -» if (ss->handshake || ss->nextHandshake || ss->securityHandshake) { |
235 + if (ss->version >= SSL_LIBRARY_VERSION_3_0 && | 262 + if (ss->version >= SSL_LIBRARY_VERSION_3_0 && |
236 + (ss->ssl3.hs.ws == wait_change_cipher || | 263 + (ss->ssl3.hs.ws == wait_change_cipher || |
| 264 + ss->ssl3.hs.ws == wait_finished || |
237 + ss->ssl3.hs.ws == wait_new_session_ticket) && | 265 + ss->ssl3.hs.ws == wait_new_session_ticket) && |
238 + ssl3_CanFalseStart(ss)) { | 266 + ssl3_CanFalseStart(ss)) { |
239 +» break; | 267 +» canFalseStart = PR_TRUE; |
240 + } | 268 + } |
241 » rv = (*ss->handshake)(ss); | 269 +» if (!canFalseStart && |
242 » ++loopCount; | 270 +» (ss->handshake || ss->nextHandshake || ss->securityHandshake)) { |
243 /* This code must continue to loop on SECWouldBlock, | 271 » rv = ssl_Do1stHandshake(ss); |
244 diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/s
sl/sslsock.c | 272 » } |
245 index aab48d6..40f633a 100644 | 273 » ssl_Release1stHandshakeLock(ss); |
246 --- a/mozilla/security/nss/lib/ssl/sslsock.c | 274 Index: mozilla/security/nss/lib/ssl/sslsock.c |
247 +++ b/mozilla/security/nss/lib/ssl/sslsock.c | 275 =================================================================== |
| 276 RCS file: /cvsroot/mozilla/security/nss/lib/ssl/sslsock.c,v |
| 277 retrieving revision 1.66 |
| 278 diff -u -p -r1.66 sslsock.c |
| 279 --- mozilla/security/nss/lib/ssl/sslsock.c» 26 Feb 2010 20:44:54 -0000»
1.66 |
| 280 +++ mozilla/security/nss/lib/ssl/sslsock.c» 16 Mar 2010 01:25:41 -0000 |
248 @@ -183,6 +183,7 @@ static sslOptions ssl_defaults = { | 281 @@ -183,6 +183,7 @@ static sslOptions ssl_defaults = { |
249 PR_FALSE, /* enableDeflate */ | 282 PR_FALSE, /* enableDeflate */ |
250 2, /* enableRenegotiation (default: requires extension) */ | 283 2, /* enableRenegotiation (default: requires extension) */ |
251 PR_FALSE, /* requireSafeNegotiation */ | 284 PR_FALSE, /* requireSafeNegotiation */ |
252 + PR_FALSE, /* enableFalseStart */ | 285 + PR_FALSE, /* enableFalseStart */ |
253 }; | 286 }; |
254 | 287 |
255 sslSessionIDLookupFunc ssl_sid_lookup; | 288 sslSessionIDLookupFunc ssl_sid_lookup; |
256 @@ -728,6 +729,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 which, PRBool on) | 289 @@ -728,6 +729,10 @@ SSL_OptionSet(PRFileDesc *fd, PRInt32 wh |
257 ss->opt.requireSafeNegotiation = on; | 290 ss->opt.requireSafeNegotiation = on; |
258 break; | 291 break; |
259 | 292 |
260 + case SSL_ENABLE_FALSE_START: | 293 + case SSL_ENABLE_FALSE_START: |
261 + ss->opt.enableFalseStart = on; | 294 + ss->opt.enableFalseStart = on; |
262 + break; | 295 + break; |
263 + | 296 + |
264 default: | 297 default: |
265 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 298 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
266 rv = SECFailure; | 299 rv = SECFailure; |
267 @@ -791,6 +796,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 which, PRBool *pOn) | 300 @@ -791,6 +796,7 @@ SSL_OptionGet(PRFileDesc *fd, PRInt32 wh |
268 on = ss->opt.enableRenegotiation; break; | 301 on = ss->opt.enableRenegotiation; break; |
269 case SSL_REQUIRE_SAFE_NEGOTIATION: | 302 case SSL_REQUIRE_SAFE_NEGOTIATION: |
270 on = ss->opt.requireSafeNegotiation; break; | 303 on = ss->opt.requireSafeNegotiation; break; |
271 + case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; | 304 + case SSL_ENABLE_FALSE_START: on = ss->opt.enableFalseStart; break; |
272 | 305 |
273 default: | 306 default: |
274 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 307 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
275 @@ -841,6 +847,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBool *pOn) | 308 @@ -841,6 +847,7 @@ SSL_OptionGetDefault(PRInt32 which, PRBo |
276 case SSL_REQUIRE_SAFE_NEGOTIATION: | 309 case SSL_REQUIRE_SAFE_NEGOTIATION: |
277 on = ssl_defaults.requireSafeNegotiation; | 310 on = ssl_defaults.requireSafeNegotiation; |
278 break; | 311 break; |
279 + case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; | 312 + case SSL_ENABLE_FALSE_START: on = ssl_defaults.enableFalseStart; break; |
280 | 313 |
281 default: | 314 default: |
282 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 315 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
283 @@ -984,6 +991,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBool on) | 316 @@ -984,6 +991,10 @@ SSL_OptionSetDefault(PRInt32 which, PRBo |
284 ssl_defaults.requireSafeNegotiation = on; | 317 ssl_defaults.requireSafeNegotiation = on; |
285 break; | 318 break; |
286 | 319 |
287 + case SSL_ENABLE_FALSE_START: | 320 + case SSL_ENABLE_FALSE_START: |
288 + ssl_defaults.enableFalseStart = on; | 321 + ssl_defaults.enableFalseStart = on; |
289 + break; | 322 + break; |
290 + | 323 + |
291 default: | 324 default: |
292 PORT_SetError(SEC_ERROR_INVALID_ARGS); | 325 PORT_SetError(SEC_ERROR_INVALID_ARGS); |
293 return SECFailure; | 326 return SECFailure; |
294 diff --git a/mozilla/security/nss/tests/ssl/sslstress.txt b/mozilla/security/nss
/tests/ssl/sslstress.txt | 327 Index: mozilla/security/nss/tests/ssl/sslstress.txt |
295 index 9a3aae8..c2a5c76 100644 | 328 =================================================================== |
296 --- a/mozilla/security/nss/tests/ssl/sslstress.txt | 329 RCS file: /cvsroot/mozilla/security/nss/tests/ssl/sslstress.txt,v |
297 +++ b/mozilla/security/nss/tests/ssl/sslstress.txt | 330 retrieving revision 1.18 |
| 331 diff -u -p -r1.18 sslstress.txt |
| 332 --- mozilla/security/nss/tests/ssl/sslstress.txt» 3 Feb 2010 02:25:36 -000
0» 1.18 |
| 333 +++ mozilla/security/nss/tests/ssl/sslstress.txt» 16 Mar 2010 01:25:41 -00
00 |
298 @@ -42,9 +42,11 @@ | 334 @@ -42,9 +42,11 @@ |
299 noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128
with MD5 | 335 noECC 0 _ -c_1000_-C_A Stress SSL2 RC4 128
with MD5 |
300 noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128
with MD5 | 336 noECC 0 _ -c_1000_-C_c_-T Stress SSL3 RC4 128
with MD5 |
301 noECC 0 _ -c_1000_-C_c Stress TLS RC4 128
with MD5 | 337 noECC 0 _ -c_1000_-C_c Stress TLS RC4 128
with MD5 |
302 + noECC 0 _ -c_1000_-C_c_-h Stress TLS RC4 128
with MD5 (false start) | 338 + noECC 0 _ -c_1000_-C_c_-h Stress TLS RC4 128
with MD5 (false start) |
303 noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket) | 339 noECC 0 -u -2_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket) |
304 noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128
with MD5 (compression) | 340 noECC 0 -z -2_-c_1000_-C_c_-z Stress TLS RC4 128
with MD5 (compression) |
305 noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z Stress TLS RC4 128
with MD5 (session ticket, compression) | 341 noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z Stress TLS RC4 128
with MD5 (session ticket, compression) |
306 + noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-h Stress TLS RC4 128
with MD5 (session ticket, compression, false start) | 342 + noECC 0 -u_-z -2_-c_1000_-C_c_-u_-z_-h Stress TLS RC4 128
with MD5 (session ticket, compression, false start) |
307 SNI 0 -u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket, SNI) | 343 SNI 0 -u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 128
with MD5 (session ticket, SNI) |
308 | 344 |
309 # | 345 # |
310 @@ -55,7 +57,9 @@ | 346 @@ -55,7 +57,9 @@ |
311 noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 w
ith MD5 (no reuse, client auth) | 347 noECC 0 -r_-r -c_100_-C_c_-N_-n_TestUser Stress TLS RC4 128 w
ith MD5 (no reuse, client auth) |
312 noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 w
ith MD5 (session ticket, client auth) | 348 noECC 0 -r_-r_-u -2_-c_100_-C_c_-n_TestUser_-u Stress TLS RC4 128 w
ith MD5 (session ticket, client auth) |
313 noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 w
ith MD5 (compression, client auth) | 349 noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z Stress TLS RC4 128 w
ith MD5 (compression, client auth) |
314 + noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-h Stress TLS RC4 12
8 with MD5 (compression, client auth, false start) | 350 + noECC 0 -r_-r_-z -2_-c_100_-C_c_-n_TestUser_-z_-h Stress TLS RC4 12
8 with MD5 (compression, client auth, false start) |
315 noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 12
8 with MD5 (session ticket, compression, client auth) | 351 noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z Stress TLS RC4 12
8 with MD5 (session ticket, compression, client auth) |
316 + noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-h Stress TLS RC4
128 with MD5 (session ticket, compression, client auth, false start) | 352 + noECC 0 -r_-r_-u_-z -2_-c_100_-C_c_-n_TestUser_-u_-z_-h Stress TLS RC4
128 with MD5 (session ticket, compression, client auth, false start) |
317 SNI 0 -r_-r_-u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 1
28 with MD5 (session ticket, SNI, client auth, default virt host) | 353 SNI 0 -r_-r_-u_-a_Host-sni.Dom -2_-3_-c_1000_-C_c_-u Stress TLS RC4 1
28 with MD5 (session ticket, SNI, client auth, default virt host) |
318 SNI 0 -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -2_-3_-c_1000_-C_c_-u_
-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, c
hange virt host) | 354 SNI 0 -r_-r_-u_-a_Host-sni.Dom_-k_Host-sni.Dom -2_-3_-c_1000_-C_c_-u_
-a_Host-sni.Dom Stress TLS RC4 128 with MD5 (session ticket, SNI, client auth, c
hange virt host) |
319 | 355 |
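Review bot: The new stress rows pass `-h` in the options column that carries `-c_1000_-C_c`, but the strsclnt.c section of this patch wires false start to `case 'g'`, and tstclnt's usage text also documents `-g`. Unless `-h` is mapped to false start in the lines the page skips, these rows will not exercise `SSL_ENABLE_FALSE_START` and may fail or pass without covering the feature. I would change the flag in each added row, e.g. `-c_1000_-C_c_-g`, and confirm that the option string passed to the strsclnt option parser includes `g`.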