Bug 1224875 - Enable TLS extended master secret. r=keeler
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Sun, 13 Dec 2015 12:09:18 +0900
changeset 310404 2767f381c592989277a68c7670eef919722b9f34
parent 310400 f07e71078bc8991f74c2101944c8f869c77f442a
child 310405 e498a31dcf6176fdcd012599cb18fb43c969c4c8
push id5513
push userraliiev@mozilla.com
push dateMon, 25 Jan 2016 13:55:34 +0000
treeherdermozilla-beta@5ee97dd05b5c [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1224875
milestone45.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1224875 - Enable TLS extended master secret. r=keeler
security/manager/ssl/nsNSSComponent.cpp
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1059,16 +1059,18 @@ nsNSSComponent::InitializeNSS()
 
   bool requireSafeNegotiation =
     Preferences::GetBool("security.ssl.require_safe_negotiation",
                          REQUIRE_SAFE_NEGOTIATION_DEFAULT);
   SSL_OptionSetDefault(SSL_REQUIRE_SAFE_NEGOTIATION, requireSafeNegotiation);
 
   SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN);
 
+  SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true);
+
   SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
                        Preferences::GetBool("security.ssl.enable_false_start",
                                             FALSE_START_ENABLED_DEFAULT));
 
   // SSL_ENABLE_NPN and SSL_ENABLE_ALPN also require calling
   // SSL_SetNextProtoNego in order for the extensions to be negotiated.
   // WebRTC does not do that so it will not use NPN or ALPN even when these
   // preferences are true.