Security - Unsafe negotiation warning with TLS 1.3

janekptacijarabaci
2017-05-08 19:37:18 +02:00
committed by roytam1
parent c27333de9d
commit c28d046daf
+10 -5
@@ -1242,11 +1242,16 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
}
PRBool siteSupportsSafeRenego;
rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn,
&siteSupportsSafeRenego);
MOZ_ASSERT(rv == SECSuccess);
if (rv != SECSuccess) {
siteSupportsSafeRenego = false;
if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_3) {
rv = SSL_HandshakeNegotiatedExtension(fd, ssl_renegotiation_info_xtn,
&siteSupportsSafeRenego);
MOZ_ASSERT(rv == SECSuccess);
if (rv != SECSuccess) {
siteSupportsSafeRenego = false;
}
} else {
// TLS 1.3 dropped support for renegotiation.
siteSupportsSafeRenego = true;
}
bool renegotiationUnsafe = !siteSupportsSafeRenego &&
ioLayerHelpers.treatUnsafeNegotiationAsBroken();
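Review bot: The new `if (channelInfo.protocolVersion != SSL_LIBRARY_VERSION_TLS_1_3)` test decides whether the renegotiation_info check is skipped, but `channelInfo` is filled in above the hunk and nothing visible here shows that the lookup succeeded. If that earlier call can fail and leave the struct unset, the comparison reads an indeterminate value, so the `siteSupportsSafeRenego = true` branch should only be reachable when the channel info is known to be valid, with every other case falling back to the extension query. The one-line comment would also benefit from stating why `true` is safe, for example `// TLS 1.3 has no renegotiation, so renegotiation_info is not negotiated; treating the site as safe avoids a false "unsafe negotiation" warning.` HandshakeCallback starts and ends outside this hunk, so the initialisation of `channelInfo` needs to be confirmed against the full function.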