summaryrefslogtreecommitdiffstats
path: root/net/socket/ssl_client_socket_nss.cc
diff options
context:
space:
mode:
authoragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-08 21:38:28 +0000
committeragl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-01-08 21:38:28 +0000
commit074c158550d1ed05a8d50950292f39f0d9f41147 (patch)
treed1753f1c5bc961eded9e6846c41769e840bfbbe5 /net/socket/ssl_client_socket_nss.cc
parent09d8e8d350fa13b4fdefb5afeaca006539c3c48c (diff)
downloadchromium_src-074c158550d1ed05a8d50950292f39f0d9f41147.zip
chromium_src-074c158550d1ed05a8d50950292f39f0d9f41147.tar.gz
chromium_src-074c158550d1ed05a8d50950292f39f0d9f41147.tar.bz2
NSS: disable DEFLATE compression if TLS is disabled.
BUG=31628 TEST=Goto https://www.txn.banking.pcfinancial.ca/a/authentication/preSignOn.ams?referid=loginBox_banking_go - you should not see an SSL error. http://codereview.chromium.org/518074 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35827 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket/ssl_client_socket_nss.cc')
-rw-r--r--net/socket/ssl_client_socket_nss.cc6
1 files changed, 5 insertions, 1 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index ed76611..bcb57f1 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -309,7 +309,11 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
#endif
#ifdef SSL_ENABLE_DEFLATE
- rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE);
+ // Some web servers have been found to break if TLS is used *or* if DEFLATE
+ // is advertised. Thus, if TLS is disabled (probably because we are doing
+ // SSLv3 fallback), we disable DEFLATE also.
+ // See http://crbug.com/31628
+ rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, ssl_config_.tls1_enabled);
if (rv != SECSuccess)
LOG(INFO) << "SSL_ENABLE_DEFLATE failed. Old system nss?";
#endif
generated by cgit v1.1 at 2025-01-20 16:56:10 +0000