summaryrefslogtreecommitdiffstats
path: root/net/third_party/nss/ssl/ssl3con.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/third_party/nss/ssl/ssl3con.c')
-rw-r--r--net/third_party/nss/ssl/ssl3con.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/net/third_party/nss/ssl/ssl3con.c b/net/third_party/nss/ssl/ssl3con.c
index 5476fa5..1465558 100644
--- a/net/third_party/nss/ssl/ssl3con.c
+++ b/net/third_party/nss/ssl/ssl3con.c
@@ -6108,6 +6108,10 @@ ssl3_CanFalseStart(sslSocket *ss) {
rv = ss->opt.enableFalseStart &&
!ss->sec.isServer &&
!ss->ssl3.hs.isResuming &&
+ /* This check for NPN is performed here because we can't call
+ * SSL_HandshakeNegotiatedExtension in the auth callback because of
+ * lock ordering issues. See crbug.com/125299 */
+ ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn) &&
ss->ssl3.cwSpec &&
/* An attacker can control the selected ciphersuite so we only wish to
generated by cgit v1.1 at 2025-05-10 22:28:12 +0000