Bug 917049 - Remove the security.enable_tls_session_tickets pref. r=keeler
authorMichael Harrison <mjh563@yahoo.co.uk>
Tue, 22 Oct 2013 12:33:00 +0100
changeset 151938 20ee43b8e3a70a23734bf3bd3782e546e4e24a05
parent 151937 a151e014c5623ad57bc54cd784caaa9cf720d25a
child 151939 666d2f3254ab78b282bd6bd91b69d750475320b6
push id25514
push usercbook@mozilla.com
push dateFri, 25 Oct 2013 08:12:42 +0000
treeherdermozilla-central@186e834d87dc [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs917049
milestone27.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 917049 - Remove the security.enable_tls_session_tickets pref. r=keeler
netwerk/base/public/security-prefs.js
security/manager/ssl/src/nsNSSComponent.cpp
--- a/netwerk/base/public/security-prefs.js
+++ b/netwerk/base/public/security-prefs.js
@@ -1,15 +1,14 @@
 /* This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 pref("security.tls.version.min", 0);
 pref("security.tls.version.max", 1);
-pref("security.enable_tls_session_tickets", true);
 pref("security.enable_md5_signatures", false);
 
 pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", false);
 pref("security.ssl.renego_unrestricted_hosts", "");
 pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
 pref("security.ssl.require_safe_negotiation",  false);
 pref("security.ssl.warn_missing_rfc5746",  1);
 pref("security.ssl.enable_ocsp_stapling", true);
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -1037,17 +1037,16 @@ static void configureMD5(bool enabled)
         0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
     NSS_SetAlgorithmPolicy(SEC_OID_PKCS5_PBE_WITH_MD5_AND_DES_CBC,
         0, NSS_USE_ALG_IN_CERT_SIGNATURE | NSS_USE_ALG_IN_CMS_SIGNATURE);
   }
 }
 
 static const bool SUPPRESS_WARNING_PREF_DEFAULT = false;
 static const bool MD5_ENABLED_DEFAULT = false;
-static const bool TLS_SESSION_TICKETS_ENABLED_DEFAULT = true;
 static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false;
 static const bool ALLOW_UNRESTRICTED_RENEGO_DEFAULT = false;
 static const bool FALSE_START_ENABLED_DEFAULT = true;
 static const bool CIPHER_ENABLED_DEFAULT = false;
 
 nsresult
 nsNSSComponent::InitializeNSS(bool showWarningBox)
 {
@@ -1197,21 +1196,17 @@ nsNSSComponent::InitializeNSS(bool showW
         nsPSMInitPanic::SetPanic();
         return NS_ERROR_UNEXPECTED;
       }
 
       bool md5Enabled = Preferences::GetBool("security.enable_md5_signatures",
                                              MD5_ENABLED_DEFAULT);
       configureMD5(md5Enabled);
 
-      // Configure TLS session tickets
-      bool tlsSessionTicketsEnabled =
-        Preferences::GetBool("security.enable_tls_session_tickets",
-                             TLS_SESSION_TICKETS_ENABLED_DEFAULT);
-      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, tlsSessionTicketsEnabled);
+      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, true);
 
       bool requireSafeNegotiation =
         Preferences::GetBool("security.ssl.require_safe_negotiation",
                              REQUIRE_SAFE_NEGOTIATION_DEFAULT);
       SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
 
       bool allowUnrestrictedRenego =
         Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",
@@ -1633,21 +1628,16 @@ nsNSSComponent::Observe(nsISupports *aSu
         prefName.Equals("security.tls.version.max")) {
       (void) setEnabledTLSVersions();
       clearSessionCache = true;
     } else if (prefName.Equals("security.enable_md5_signatures")) {
       bool md5Enabled = Preferences::GetBool("security.enable_md5_signatures",
                                              MD5_ENABLED_DEFAULT);
       configureMD5(md5Enabled);
       clearSessionCache = true;
-    } else if (prefName.Equals("security.enable_tls_session_tickets")) {
-      bool tlsSessionTicketsEnabled =
-        Preferences::GetBool("security.enable_tls_session_tickets",
-                             TLS_SESSION_TICKETS_ENABLED_DEFAULT);
-      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, tlsSessionTicketsEnabled);
     } else if (prefName.Equals("security.ssl.require_safe_negotiation")) {
       bool requireSafeNegotiation =
         Preferences::GetBool("security.ssl.require_safe_negotiation",
                              REQUIRE_SAFE_NEGOTIATION_DEFAULT);
       SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
     } else if (prefName.Equals("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref")) {
       bool allowUnrestrictedRenego =
         Preferences::GetBool("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref",