diff options
| author | Moonchild <moonchild@palemoon.org> | 2023-03-28 17:59:19 +0200 |
|---|---|---|
| committer | Moonchild <moonchild@palemoon.org> | 2023-03-28 17:59:19 +0200 |
| commit | ad7ffc05250bda780a9fb7a368405b5880c1e7dd (patch) | |
| tree | 3bd1fb8b7664a4653904523a74612e275737f1cc /security | |
| parent | 500ece900aacc117b4c3368e587a2d33bcb1519c (diff) | |
| download | uxp-ad7ffc05250bda780a9fb7a368405b5880c1e7dd.tar.gz | |
Issue #2180 - Follow-up: Move sentinel check up a bit.
Diffstat (limited to 'security')
| -rw-r--r-- | security/manager/ssl/nsNSSComponent.cpp | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index 49620c176e..05527cf9b0 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1854,7 +1854,13 @@ nsNSSComponent::InitializeNSS() SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN); SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true); - + + // Set TLS 1.3 hello downgrade sentinel? + bool enableDowngradeCheck = + Preferences::GetBool("security.tls.hello_downgrade_check", + HELLO_DOWNGRADE_CHECK_DEFAULT); + SSL_OptionSetDefault(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, enableDowngradeCheck); + SSL_OptionSetDefault(SSL_ENABLE_FALSE_START, Preferences::GetBool("security.ssl.enable_false_start", FALSE_START_ENABLED_DEFAULT)); @@ -1879,12 +1885,6 @@ nsNSSComponent::InitializeNSS() Preferences::GetBool("security.ssl.enable_tls13_compat_mode", TLS13_COMPAT_MODE_DEFAULT)); - // Set TLS 1.3 hello downgrade sentinel? - bool enableDowngradeCheck = - Preferences::GetBool("security.tls.hello_downgrade_check", - HELLO_DOWNGRADE_CHECK_DEFAULT); - SSL_OptionSetDefault(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, enableDowngradeCheck); - if (NS_FAILED(InitializeCipherSuite())) { |