Bug 1550834 - Don't use TLS session ticket if the channel is isolated by anti-tracking checks, r=valentin
authorMichal Novotny <michal.novotny@gmail.com>
Fri, 10 May 2019 20:53:08 +0000
changeset 532372 e4f5f5cdc59d5f2f9a890f7cacf96f275c704ebd
parent 532371 b6f4ce748f196ca35e952bf6d85975d92d2b847a
child 532373 e0910edd4fc73cc0ed2932e7c7e2744ae7972e1f
push id11265
push userffxbld-merge
push dateMon, 13 May 2019 10:53:39 +0000
reviewersvalentin
bugs1550834
milestone68.0a1
Bug 1550834 - Don't use TLS session ticket if the channel is isolated by anti-tracking checks, r=valentin Differential Revision: https://phabricator.services.mozilla.com/D30686
security/manager/ssl/nsNSSIOLayer.cpp
--- a/security/manager/ssl/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
@@ -2480,17 +2480,18 @@ static nsresult nsSSLIOLayerSetOptions(P
   nsAutoCString suffix;
   infoObject->GetOriginAttributes().CreateSuffix(suffix);
   peerId.Append(suffix);
   if (SECSuccess != SSL_SetSockPeerID(fd, peerId.get())) {
     return NS_ERROR_FAILURE;
   }
 
   if (flags & nsISocketProvider::NO_PERMANENT_STORAGE) {
-    if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, false)) {
+    if (SECSuccess != SSL_OptionSet(fd, SSL_ENABLE_SESSION_TICKETS, false) ||
+        SECSuccess != SSL_OptionSet(fd, SSL_NO_CACHE, true)) {
       return NS_ERROR_FAILURE;
     }
   }
 
   return NS_OK;
 }
 
 nsresult nsSSLIOLayerAddToSocket(int32_t family, const char* host, int32_t port,
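Review bot: The `NO_PERMANENT_STORAGE` branch now sets `SSL_NO_CACHE` as well as disabling session tickets, but nothing at the site says why, and the commit title ties the change to anti-tracking isolation while the condition tests a storage flag. I would add a comment above the `if`, for example `// Channels marked NO_PERMANENT_STORAGE (e.g. isolated by anti-tracking) must not resume TLS sessions: a session ticket or cached session can link connections across contexts.` The peer ID set just above already carries the origin-attributes suffix, which presumably partitions the session cache, so the comment should also say why that partitioning is not sufficient for these channels. The start of `nsSSLIOLayerSetOptions` is outside the hunk, so how `flags` gets this bit for an isolated channel cannot be checked from here.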