SSL False Start Support

 * Adds TLS false start support. This allows us to start sending encrypted
   data before we have validated the server's Finished message. (This
   behaviour is already enabled on Android.)

   I've verified that this works using netem to add a 200ms delay on the
   loopback adaptor. I've also checked that an incorrect Finished message from
   the server causes an error by hacking the Go TLS server.

   Beware when looking at packet traces that the time taken in NSS's SQLite
   calls can exceed the RTT of the connection and make it appear that this
   code isn't functioning.

 * Adds DEBUG and TRACE defines to libssl when building Chromium in Debug
   mode. This means that setting SSLTRACE in the environment now works for
   debug builds.

http://codereview.chromium.org/518065
BUG=none
TEST=none

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@39905 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 6 insertions, 0 deletions

diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 2c703d6..d1d0054 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -380,6 +380,12 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
      LOG(INFO) << "SSL_ENABLE_DEFLATE failed.  Old system nss?";
 #endif
 
+#ifdef SSL_ENABLE_FALSE_START
+  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, PR_TRUE);
+  if (rv != SECSuccess)
+     LOG(INFO) << "SSL_ENABLE_FALSE_START failed.  Old system nss?";
+#endif
+
 #ifdef SSL_ENABLE_RENEGOTIATION
   // We allow servers to request renegotiation. Since we're a client,
   // prohibiting this is rather a waste of time. Only servers are in a position