Index: net/socket/ssl_client_socket_nss.cc |
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc |
index f558e717ac4ea1ffa1374634f381decc586a00c3..f8a56d7be5e5fd2f5989436b7156850964fe838f 100644 |
--- a/net/socket/ssl_client_socket_nss.cc |
+++ b/net/socket/ssl_client_socket_nss.cc |
@@ -858,10 +858,12 @@ bool SSLClientSocketNSS::Core::Init(PRFileDesc* socket, |
PK11_TokenExists(CKM_NSS_CHACHA20_POLY1305); |
const bool adequate_key_agreement = PK11_TokenExists(CKM_DH_PKCS_DERIVE) || |
PK11_TokenExists(CKM_ECDH1_DERIVE); |
davidben
2015/09/28 22:16:23
(Ooh! Thanks for reminding me! We can rip all of t
|
- std::vector<uint8_t> wire_protos = |
- SerializeNextProtos(ssl_config_.next_protos, |
- adequate_encryption && adequate_key_agreement && |
- IsTLSVersionAdequateForHTTP2(ssl_config_)); |
+ NextProtoVector next_protos = ssl_config_.next_protos; |
+ if (!adequate_encryption || !adequate_key_agreement || |
+ !IsTLSVersionAdequateForHTTP2(ssl_config_)) { |
+ DisableHTTP2(&next_protos); |
+ } |
+ std::vector<uint8_t> wire_protos = SerializeNextProtos(next_protos); |
rv = SSL_SetNextProtoNego( |
nss_fd_, wire_protos.empty() ? NULL : &wire_protos[0], |
wire_protos.size()); |