authoragl@google.com <agl@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-10 22:34:36 +0000
committeragl@google.com <agl@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2012-04-10 22:34:36 +0000
commit35327b5afc3d3ee71aa95fd76eca7792eb2d2055 (patch)
tree4c650aedb210f1925dedcf24069ec12d57a0e16f /net/third_party
parent984ad4b32076274757a91e9ac68bd9e3eaf472d2 (diff)
net: False Start only for NPN capable servers.
This change causes NSS only to False Start with NPN capable servers. It also removes the False Start blacklist and this has the effect of enabling 1/n-1 record splitting for those hosts that were previously on the blacklist. However, those hosts have been getting 1/n-1 from Opera, Firefox and IE for a few months now. BUG=none TEST=net_unittests Review URL: http://codereview.chromium.org/10014010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@131649 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/third_party')
-rw-r--r--net/third_party/nss/README.chromium3
-rwxr-xr-xnet/third_party/nss/patches/applypatches.sh2
-rw-r--r--net/third_party/nss/ssl/ssl3con.c1
-rw-r--r--net/third_party/nss/ssl/ssl3ext.c4
4 files changed, 10 insertions, 0 deletions
diff --git a/net/third_party/nss/README.chromium b/net/third_party/nss/README.chromium
index 6e2ca29..d7110f0 100644
--- a/net/third_party/nss/README.chromium
+++ b/net/third_party/nss/README.chromium
@@ -65,6 +65,9 @@ Patches:
https://bugzilla.mozilla.org/show_bug.cgi?id=681065
patches/dtls.patch
+ * Enable False Start only when the server supports NPN.
+ patches/falsestartnpn.patch
+
Apply the patches to NSS by running the patches/applypatches.sh script. Read
the comments at the top of patches/applypatches.sh for instructions.
diff --git a/net/third_party/nss/patches/applypatches.sh b/net/third_party/nss/patches/applypatches.sh
index dbb603e..766a0ca 100755
--- a/net/third_party/nss/patches/applypatches.sh
+++ b/net/third_party/nss/patches/applypatches.sh
@@ -34,3 +34,5 @@ patch -p6 < $patches_dir/restartclientauth.patch
patch -p6 < $patches_dir/encryptedclientcerts.patch
patch -p4 < $patches_dir/dtls.patch
+
+patch -p6 < $patches_dir/falsestartnpn.patch
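Review bot: The new `patch -p6 < $patches_dir/falsestartnpn.patch` line refers to a file that this commit does not appear to add. The diffstat for net/third_party lists four files, and patches/falsestartnpn.patch is not among them, so on this commit alone the script would fail to find its input. Either include the patch file in the same change or confirm that it landed separately. The top of the script is outside this hunk, so it is not visible whether a failed `patch` aborts the run; if it does not, the missing file could go unnoticed and a re-vendored NSS tree would lack the False Start restriction that README.chromium documents.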
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index e8a7f017..d0eb042 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -6086,6 +6086,7 @@ ssl3_CanFalseStart(sslSocket *ss) {
rv = ss->opt.enableFalseStart &&
!ss->sec.isServer &&
!ss->ssl3.hs.isResuming &&
+ ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn) &&
ss->ssl3.cwSpec &&
ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
(ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa ||
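Review bot: The added `ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn)` term has no comment explaining why NPN gates False Start, and without one it reads like a security condition. Going by the commit message it replaces the False Start blacklist, so it is a server-compatibility heuristic. False Start by definition sends data before the server's Finished is checked, so the negotiated-extension record is presumably still unauthenticated when this runs. I would add `/* Only False Start with NPN-capable servers: a compatibility heuristic that replaces the blacklist, not an authentication check. */` above the expression and keep the cipher-strength and key-exchange terms as the security-relevant conditions. The expression continues past the end of this hunk.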
diff --git a/net/third_party/nss/ssl/ssl3ext.c b/net/third_party/nss/ssl/ssl3ext.c
index 80c1f7f..4e043b8 100644
--- a/net/third_party/nss/ssl/ssl3ext.c
+++ b/net/third_party/nss/ssl/ssl3ext.c
@@ -567,6 +567,8 @@ ssl3_ServerHandleNextProtoNegoXtn(sslSocket * ss, PRUint16 ex_type, SECItem *dat
return SECFailure;
}
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
return SECSuccess;
}
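Review bot: The new `ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;` write, here and in ssl3_ClientHandleNextProtoNegoXtn in the next hunk, indexes the array with no visible bound check on `numNegotiated`. The count is driven by extensions in the peer's hello, so the store is only safe if the caller rejects duplicate extensions and the array is sized for every handled extension type; neither is visible in these hunks. Making the invariant explicit would help, for example `PORT_Assert(ss->xtnData.numNegotiated < PR_ARRAY_SIZE(ss->xtnData.negotiated));` before each store, assuming `negotiated` is a fixed-size array member. In the client handler the extension is also marked negotiated before `SECITEM_CopyItem` has succeeded, which is harmless only if a failure there always aborts the handshake.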
@@ -635,6 +637,8 @@ ssl3_ClientHandleNextProtoNegoXtn(sslSocket *ss, PRUint16 ex_type,
return SECFailure;
}
+ ss->xtnData.negotiated[ss->xtnData.numNegotiated++] = ex_type;
+
SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
return SECITEM_CopyItem(NULL, &ss->ssl3.nextProto, &result);
}