net/third_party/nss/patches/resumeclienthelloversion.patch - Issue 25868004: net: don't send resumption ClientHello records with versions > 0x0301.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/third_party/nss/patches/resumeclienthelloversion.patch

Issue 25868004: net: don't send resumption ClientHello records with versions > 0x0301. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Update patch file. Created 7 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/third_party/nss/patches/resumeclienthelloversion.patch

diff --git a/net/third_party/nss/patches/resumeclienthelloversion.patch b/net/third_party/nss/patches/resumeclienthelloversion.patch

new file mode 100644

index 0000000000000000000000000000000000000000..7c330c71fff338fc67efbf5da93023cb1f8814ad

--- /dev/null

+++ b/net/third_party/nss/patches/resumeclienthelloversion.patch

@@ -0,0 +1,31 @@

+diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c

+index d22a7d6..a7617fb 100644

+--- a/nss/lib/ssl/ssl3con.c

++++ b/nss/lib/ssl/ssl3con.c

+@@ -2865,12 +2865,14 @@ ssl3_CompressMACEncryptRecord(ssl3CipherSpec * cwSpec,

+ * Forces the use of the provided epoch

+ * ssl_SEND_FLAG_CAP_RECORD_VERSION

+ * Caps the record layer version number of TLS ClientHello to { 3, 1 }

+- * (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore

++ * (TLS 1.0). Some TLS 1.0 servers (which seem to use F5 BIG-IP) ignore

+ * ClientHello.client_version and use the record layer version number

+ * (TLSPlaintext.version) instead when negotiating protocol versions. In

+ * addition, if the record layer version number of ClientHello is { 3, 2 }

+- * (TLS 1.1) or higher, these servers reset the TCP connections. Set this

+- * flag to work around such servers.

++ * (TLS 1.1) or higher, these servers reset the TCP connections. Lastly,

++ * some F5 BIG-IP servers hang if a record containing a ClientHello has a

++ * version greater than 0x0301 and a length greater than 255. Set this flag

++ * to work around such servers.

+ */

+ PRInt32

+ ssl3_SendRecord( sslSocket * ss,

+@@ -5363,7 +5365,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)

+ }

+ flags = 0;

+- if (!ss->firstHsDone && !requestingResume && !IS_DTLS(ss)) {

++ if (!ss->firstHsDone && !IS_DTLS(ss)) {

+ flags |= ssl_SEND_FLAG_CAP_RECORD_VERSION;

+ }

+ rv = ssl3_FlushHandshake(ss, flags);

« no previous file with comments | « net/third_party/nss/README.chromium ('k') | net/third_party/nss/ssl/ssl3con.c » ('j') | no next file with comments »