summaryrefslogtreecommitdiff
path: root/security/manager
diff options
context:
space:
mode:
Diffstat (limited to 'security/manager')
-rw-r--r--security/manager/ssl/nsNSSComponent.cpp14
1 files changed, 7 insertions, 7 deletions
diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp
index 49620c176e..05527cf9b0 100644
--- a/security/manager/ssl/nsNSSComponent.cpp
+++ b/security/manager/ssl/nsNSSComponent.cpp
@@ -1854,7 +1854,13 @@ nsNSSComponent::InitializeNSS()
SSL_OptionSetDefault(SSL_ENABLE_RENEGOTIATION, SSL_RENEGOTIATE_REQUIRES_XTN);
SSL_OptionSetDefault(SSL_ENABLE_EXTENDED_MASTER_SECRET, true);
-
+
+ // Set TLS 1.3 hello downgrade sentinel?
+ bool enableDowngradeCheck =
+ Preferences::GetBool("security.tls.hello_downgrade_check",
+ HELLO_DOWNGRADE_CHECK_DEFAULT);
+ SSL_OptionSetDefault(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, enableDowngradeCheck);
+
SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,
Preferences::GetBool("security.ssl.enable_false_start",
FALSE_START_ENABLED_DEFAULT));
@@ -1879,12 +1885,6 @@ nsNSSComponent::InitializeNSS()
Preferences::GetBool("security.ssl.enable_tls13_compat_mode",
TLS13_COMPAT_MODE_DEFAULT));
- // Set TLS 1.3 hello downgrade sentinel?
- bool enableDowngradeCheck =
- Preferences::GetBool("security.tls.hello_downgrade_check",
- HELLO_DOWNGRADE_CHECK_DEFAULT);
- SSL_OptionSetDefault(SSL_ENABLE_HELLO_DOWNGRADE_CHECK, enableDowngradeCheck);
-
if (NS_FAILED(InitializeCipherSuite())) {
generated by cgit v1.2.3 (git 2.26.2) at 2024-11-10 05:23:08 +0000