net: don't do TLS False Start with RC4.

net/third_party/nss/patches/norc4falsestart.patch

Index: net/third_party/nss/patches/norc4falsestart.patch
diff --git a/net/third_party/nss/patches/norc4falsestart.patch b/net/third_party/nss/patches/norc4falsestart.patch
new file mode 100644
index 0000000000000000000000000000000000000000..afa8f578b1890b1a8848e48905cc952a3189a6eb
--- /dev/null
+++ b/net/third_party/nss/patches/norc4falsestart.patch
@@ -0,0 +1,16 @@
+diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
+index ee96089..3b0c22e 100644
+--- a/net/third_party/nss/ssl/ssl3con.c
++++ b/net/third_party/nss/ssl/ssl3con.c
+@@ -6416,7 +6416,10 @@ ssl3_CanFalseStart(sslSocket *ss) {
+ 	(ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
+ 	 ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
+ 	 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
+-	 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa);
++	 ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) &&
++        /* In light of recent RC4 analysis (http://www.isg.rhul.ac.uk/tls/), we
++         * don't allow False Start with RC4. */

[Ryan Sleevi, 2013/04/15 18:08:35]

In 5 years (as NSS code easily lives on), this will no longer be "recent".

Perhaps reword

/* Due to biases in the RC4 keystream, do not allow False Start with RC4 */

[agl, 2013/04/16 14:59:29]

Good point. Done.

++        ss->ssl3.cwSpec->cipher_def->cipher != cipher_rc4;
+     ssl_ReleaseSpecReadLock(ss);
+     return rv;
+ }