Bug 1131880 - Modify the condition to disallow PR_CONNECT_RESET_ERROR on fallback. r=keeler, a=lmandel
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Mon, 16 Feb 2015 20:03:06 +0900
changeset 249802 f67ec464e569a294723045ed3f224441b5481c3a
parent 249801 02451c7d1558e2967b7f63fa79074d2a2f8bd38e
child 249803 2e3aaa26bca4df3c91383708135d179467db4493
push id4489
push userraliiev@mozilla.com
push dateMon, 23 Feb 2015 15:17:55 +0000
treeherdermozilla-beta@fd7c3dc24146 [default view] [failures only]
reviewerskeeler, lmandel
bugs1131880
milestone37.0a2
Bug 1131880 - Modify the condition to disallow PR_CONNECT_RESET_ERROR on fallback. r=keeler, a=lmandel
security/manager/ssl/src/nsNSSIOLayer.cpp
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -1228,20 +1228,20 @@ retryDueToTLSIntolerance(PRErrorCode err
                           tlsIntoleranceTelemetryBucket(originalReason));
 
     socketInfo->SharedState().IOLayerHelpers()
       .forgetIntolerance(socketInfo->GetHostName(), socketInfo->GetPort());
 
     return false;
   }
 
-  // Allow PR_CONNECT_RESET_ERROR only for whitelisted sites.
+  // Disallow PR_CONNECT_RESET_ERROR if fallback limit reached.
   if (err == PR_CONNECT_RESET_ERROR &&
-      !socketInfo->SharedState().IOLayerHelpers()
-        .isInsecureFallbackSite(socketInfo->GetHostName())) {
+      socketInfo->SharedState().IOLayerHelpers()
+        .fallbackLimitReached(socketInfo->GetHostName(), range.max)) {
     return false;
   }
 
   if ((err == SSL_ERROR_NO_CYPHER_OVERLAP || err == PR_END_OF_FILE_ERROR ||
        err == PR_CONNECT_RESET_ERROR) &&
       nsNSSComponent::AreAnyWeakCiphersEnabled()) {
     if (socketInfo->SharedState().IOLayerHelpers()
                   .rememberStrongCiphersFailed(socketInfo->GetHostName(),
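Review bot: With the whitelist check gone, a PR_CONNECT_RESET_ERROR from any host that has not yet hit the fallback limit now continues past this guard, including into the weak-cipher branch just below (`rememberStrongCiphersFailed`), which previously only whitelisted hosts could reach with this error. A TCP reset is unauthenticated and can be produced by anyone on the network path, so it is a weaker intolerance signal than a TLS alert. The guard's comment should record that the limit is what bounds it, e.g. `// A reset is unauthenticated (an on-path party can forge it), so it may drive fallback only until the configured limit is reached.` Whether `fallbackLimitReached(..., range.max)` also constrains the cipher-strength fallback is not visible in this hunk and is worth confirming, ideally with a test covering a reset from a non-whitelisted host while weak ciphers are enabled. retryDueToTLSIntolerance starts and ends outside the hunk.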