Index: net/third_party/nss/ssl/ssl.h |
=================================================================== |
--- net/third_party/nss/ssl/ssl.h (revision 227672) |
+++ net/third_party/nss/ssl/ssl.h (working copy) |
@@ -121,14 +121,17 @@ |
#define SSL_ENABLE_FALSE_START 22 /* Enable SSL false start (off by */ |
/* default, applies only to */ |
/* clients). False start is a */ |
-/* mode where an SSL client will start sending application data before */ |
-/* verifying the server's Finished message. This means that we could end up */ |
-/* sending data to an imposter. However, the data will be encrypted and */ |
-/* only the true server can derive the session key. Thus, so long as the */ |
-/* cipher isn't broken this is safe. Because of this, False Start will only */ |
-/* occur on RSA or DH ciphersuites where the cipher's key length is >= 80 */ |
-/* bits. The advantage of False Start is that it saves a round trip for */ |
-/* client-speaks-first protocols when performing a full handshake. */ |
+/* mode where an SSL client will start sending application data before |
+ * verifying the server's Finished message. This means that we could end up |
+ * sending data to an imposter. However, the data will be encrypted and |
+ * only the true server can derive the session key. Thus, so long as the |
+ * cipher isn't broken this is safe. The advantage of false start is that |
+ * it saves a round trip for client-speaks-first protocols when performing a |
+ * full handshake. |
+ * |
+ * In addition to enabling this option, the application must register a |
+ * callback using the SSL_SetCanFalseStartCallback function. |
+ */ |
/* For SSL 3.0 and TLS 1.0, by default we prevent chosen plaintext attacks |
* on SSL CBC mode cipher suites (see RFC 4346 Section F.3) by splitting |
@@ -741,14 +744,45 @@ |
SSL_IMPORT SECStatus SSL_InheritMPServerSIDCache(const char * envString); |
/* |
-** Set the callback on a particular socket that gets called when we finish |
-** performing a handshake. |
+** Set the callback that gets called when a TLS handshake is complete. The |
+** handshake callback is called after verifying the peer's Finished message and |
+** before processing incoming application data. |
+** |
+** For the initial handshake: If the handshake false started (see |
+** SSL_ENABLE_FALSE_START), then application data may already have been sent |
+** before the handshake callback is called. If we did not false start then the |
+** callback will get called before any application data is sent. |
*/ |
typedef void (PR_CALLBACK *SSLHandshakeCallback)(PRFileDesc *fd, |
void *client_data); |
SSL_IMPORT SECStatus SSL_HandshakeCallback(PRFileDesc *fd, |
SSLHandshakeCallback cb, void *client_data); |
+/* Applications that wish to enable TLS false start must set this callback |
+** function. NSS will invoke the functon to determine if a particular |
+** connection should use false start or not. SECSuccess indicates that the |
+** callback completed successfully, and if so *canFalseStart indicates if false |
+** start can be used. If the callback does not return SECSuccess then the |
+** handshake will be canceled. NSS's recommended criteria can be evaluated by |
+** calling SSL_RecommendedCanFalseStart. |
+** |
+** If no false start callback is registered then false start will never be |
+** done, even if the SSL_ENABLE_FALSE_START option is enabled. |
+**/ |
+typedef SECStatus (PR_CALLBACK *SSLCanFalseStartCallback)( |
+ PRFileDesc *fd, void *arg, PRBool *canFalseStart); |
+ |
+SSL_IMPORT SECStatus SSL_SetCanFalseStartCallback( |
+ PRFileDesc *fd, SSLCanFalseStartCallback callback, void *arg); |
+ |
+/* This function sets *canFalseStart according to the recommended criteria for |
+** false start. These criteria may change from release to release and may depend |
+** on which handshake features have been negotiated and/or properties of the |
+** certifciates/keys used on the connection. |
+*/ |
+SSL_IMPORT SECStatus SSL_RecommendedCanFalseStart(PRFileDesc *fd, |
+ PRBool *canFalseStart); |
+ |
/* |
** For the server, request a new handshake. For the client, begin a new |
** handshake. If flushCache is non-zero, the SSL3 cache entry will be |