Bug 415033: added a hidden preference (in about:config) for enabling or disabling the TLS session ticket extension. The patch is contributed by Nagendra Modadugu <ngm+mozilla@google.com>. r=wtc,rrelyea,kengert a1.9+=damons Modified Files: netwerk/base/public/security-prefs.js security/manager/ssl/src/nsNSSComponent.cpp
authorwtc@google.com
Tue, 26 Feb 2008 15:09:39 -0800
changeset 12290 27db3e22005dd1c4536a5c31ad0391e3949e6f64
parent 12289 929a4bb77ddbc11c81a0ad5b92d3bd4d12b7f1bf
child 12291 23c108f5d84848ef2089cb0656a3e5572e3bff03
push id1
push userroot
push dateTue, 26 Apr 2011 22:38:44 +0000
reviewerswtc, rrelyea, kengert
bugs415033
milestone1.9b4pre
Bug 415033: added a hidden preference (in about:config) for enabling or disabling the TLS session ticket extension. The patch is contributed by Nagendra Modadugu <ngm+mozilla@google.com>. r=wtc,rrelyea,kengert a1.9+=damons Modified Files: netwerk/base/public/security-prefs.js security/manager/ssl/src/nsNSSComponent.cpp
netwerk/base/public/security-prefs.js
security/manager/ssl/src/nsNSSComponent.cpp
--- a/netwerk/base/public/security-prefs.js
+++ b/netwerk/base/public/security-prefs.js
@@ -1,13 +1,14 @@
 pref("general.useragent.security",       "U");
 
 pref("security.enable_ssl2",             false);
 pref("security.enable_ssl3",             true);
 pref("security.enable_tls",		 true);
+pref("security.enable_tls_session_tickets", true);
 
 pref("security.ssl2.rc4_128", false);
 pref("security.ssl2.rc2_128", false);
 pref("security.ssl2.des_ede3_192", false);
 pref("security.ssl2.des_64", false);
 pref("security.ssl2.rc4_40", false);
 pref("security.ssl2.rc2_40", false);
 pref("security.ssl3.rsa_rc4_128_md5", true);
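Review bot: The added `security.enable_tls_session_tickets` line has no comment, and the commit message describes the pref as hidden, so this file is the only place a reader would learn what it controls. A one-line comment above it would help, for example `// TLS session ticket extension (bug 415033); no UI, toggle via about:config`. Because the default is `true`, the extension is enabled for every profile once this lands, so the comment should also say that the default is deliberate.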
--- a/security/manager/ssl/src/nsNSSComponent.cpp
+++ b/security/manager/ssl/src/nsNSSComponent.cpp
@@ -1591,16 +1591,20 @@ nsNSSComponent::InitializeNSS(PRBool sho
       mPrefBranch->GetBoolPref("security.enable_ssl2", &enabled);
       SSL_OptionSetDefault(SSL_ENABLE_SSL2, enabled);
       SSL_OptionSetDefault(SSL_V2_COMPATIBLE_HELLO, enabled);
       mPrefBranch->GetBoolPref("security.enable_ssl3", &enabled);
       SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
       mPrefBranch->GetBoolPref("security.enable_tls", &enabled);
       SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
 
+      // Configure TLS session tickets
+      mPrefBranch->GetBoolPref("security.enable_tls_session_tickets", &enabled);
+      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, enabled);
+
       // Disable any ciphers that NSS might have enabled by default
       for (PRUint16 i = 0; i < SSL_NumImplementedCiphers; ++i)
       {
         PRUint16 cipher_id = SSL_ImplementedCiphers[i];
         SSL_CipherPrefSetDefault(cipher_id, PR_FALSE);
       }
 
       // Now only set SSL/TLS ciphers we knew about at compile time
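Review bot: The result of `GetBoolPref("security.enable_tls_session_tickets", &enabled)` is not checked in the added lines, and `enabled` still holds the value read for security.enable_tls just above. If the lookup fails, the ticket option would presumably inherit the TLS setting rather than a deliberate default. The new branch added to nsNSSComponent::Observe further down uses the same unchecked pattern. Resetting the variable first, e.g. `enabled = PR_TRUE; // matches the default in security-prefs.js`, or testing the nsresult before calling `SSL_OptionSetDefault`, would make the fallback explicit. The return value of `SSL_OptionSetDefault` is also dropped, as in the surrounding calls, so a failure to apply the option goes unnoticed. InitializeNSS starts and ends outside this hunk.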
@@ -2042,16 +2046,19 @@ nsNSSComponent::Observe(nsISupports *aSu
     } else if (prefName.Equals("security.enable_ssl3")) {
       mPrefBranch->GetBoolPref("security.enable_ssl3", &enabled);
       SSL_OptionSetDefault(SSL_ENABLE_SSL3, enabled);
       clearSessionCache = PR_TRUE;
     } else if (prefName.Equals("security.enable_tls")) {
       mPrefBranch->GetBoolPref("security.enable_tls", &enabled);
       SSL_OptionSetDefault(SSL_ENABLE_TLS, enabled);
       clearSessionCache = PR_TRUE;
+    } else if (prefName.Equals("security.enable_tls_session_tickets")) {
+      mPrefBranch->GetBoolPref("security.enable_tls_session_tickets", &enabled);
+      SSL_OptionSetDefault(SSL_ENABLE_SESSION_TICKETS, enabled);
     } else if (prefName.Equals("security.OCSP.enabled")
                || prefName.Equals("security.OCSP.require")) {
       setOCSPOptions(mPrefBranch);
     } else {
       /* Look through the cipher table and set according to pref setting */
       for (CipherPref* cp = CipherPrefs; cp->pref; ++cp) {
         if (prefName.Equals(cp->pref)) {
           mPrefBranch->GetBoolPref(cp->pref, &enabled);
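Review bot: The new `security.enable_tls_session_tickets` branch does not set `clearSessionCache = PR_TRUE`, while the security.enable_ssl3 and security.enable_tls branches directly above it do. `SSL_OptionSetDefault` only changes a default, so tickets already in the client session cache may still be used after the pref is switched off; how NSS treats them is not visible here. If leaving the cache alone is intended, a short comment in the branch should say so; otherwise add `clearSessionCache = PR_TRUE;` after the `SSL_OptionSetDefault` call. The enclosing Observe body starts and ends outside this hunk.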