Descriptionnet: don't send resumption ClientHello records with versions > 0x0301.
Best we can tell, F5 BIG-IP devices with firmware < 10.2.4 hang the connection
when a ClientHello record is received with version > 0x0301 and is longer than
255 bytes.
With TLS 1.2, we're hitting this size limit on resume connections with long
hostnames. Since the servers negotiate TLS 1.2, NSS previously used 0x0303 as
the ClientHello record version. This change causes NSS to always use at most
0x0301 as the ClientHello record version, even when we are resuming a session
and know that the server supports TLS 1.2.
See http://rt.openssl.org/Ticket/Display.html?id=2771#txn-33812
https://bugzilla.mozilla.org/show_bug.cgi?id=923696
BUG=303398
Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=227331
Patch Set 1 #Patch Set 2 : Add reference to Bugzilla bug. #
Total comments: 2
Patch Set 3 : Update comment. #Patch Set 4 : Update patch file. #
Messages
Total messages: 4 (0 generated)
|