net: don't add padding extension for SSLv3.

net/third_party/nss/patches/paddingextension.patch

Index: net/third_party/nss/patches/paddingextension.patch
diff --git a/net/third_party/nss/patches/paddingextension.patch b/net/third_party/nss/patches/paddingextension.patch
index 8ea388cfc5ce365114e1ea3dcf5fe841c085bba3..9f225a5095103cca06a4c39a1e3a1a964ab2e4fd 100644
--- a/net/third_party/nss/patches/paddingextension.patch
+++ b/net/third_party/nss/patches/paddingextension.patch
@@ -1,5 +1,5 @@
 diff --git a/nss/lib/ssl/ssl3con.c b/nss/lib/ssl/ssl3con.c
-index 8b8b758..567d481 100644
+index 8b8b758..25709b2 100644
 --- a/nss/lib/ssl/ssl3con.c
 +++ b/nss/lib/ssl/ssl3con.c
 @@ -4975,6 +4975,7 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
@@ -10,7 +10,7 @@ index 8b8b758..567d481 100644
      unsigned         numCompressionMethods;
      PRInt32          flags;
  
-@@ -5241,6 +5242,20 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5241,6 +5242,22 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	length += 1 + ss->ssl3.hs.cookieLen;
      }
  
@@ -20,7 +20,9 @@ index 8b8b758..567d481 100644
 +     * in F5 devices.
 +     *
 +     * This is not done for DTLS nor for renegotiation. */
-+    if (!IS_DTLS(ss) && !ss->firstHsDone) {
++    if (!IS_DTLS(ss) &&
++        ss->version > SSL_LIBRARY_VERSION_3_0 &&
++        !ss->firstHsDone) {
 +        paddingExtensionLen = ssl3_CalculatePaddingExtensionLength(length);
 +        total_exten_len += paddingExtensionLen;
 +        length += paddingExtensionLen;
@@ -31,7 +33,7 @@ index 8b8b758..567d481 100644
      rv = ssl3_AppendHandshakeHeader(ss, client_hello, length);
      if (rv != SECSuccess) {
  	return rv;	/* err set by ssl3_AppendHandshake* */
-@@ -5360,6 +5375,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
+@@ -5360,6 +5377,13 @@ ssl3_SendClientHello(sslSocket *ss, PRBool resending)
  	    return SECFailure;
  	}
  	maxBytes -= extLen;