diff options
| author | John M. Schanck <jschanck@mozilla.com> | 2021-08-24 15:42:16 +0000 |
|---|---|---|
| committer | John M. Schanck <jschanck@mozilla.com> | 2021-08-24 15:42:16 +0000 |
| commit | 2736b13a7877d045be99eee7a72b9dd00484062e (patch) | |
| tree | b14fd80e8418f79d0e58cee34bd1eb96d6d56875 | |
| parent | e785b780f604e471be6343bc1595eff6ccd04e29 (diff) | |
| download | nss-hg-2736b13a7877d045be99eee7a72b9dd00484062e.tar.gz | |
Bug 1714579 Change default value of enableHelloDowngradeCheck to true r=mt
Firefox sets enableHelloDowngradeCheck to true by default, as of [1576790](https://bugzilla.mozilla.org/show_bug.cgi?id=1576790). We have a two year old open issue noting some issues with that [1590870](https://bugzilla.mozilla.org/show_bug.cgi?id=1590870), but I see no reason not to update the default in NSS.
Differential Revision: https://phabricator.services.mozilla.com/D122988
| -rw-r--r-- | lib/ssl/sslsock.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/ssl/sslsock.c b/lib/ssl/sslsock.c index 7feccf0e0..857d2f5bb 100644 --- a/lib/ssl/sslsock.c +++ b/lib/ssl/sslsock.c @@ -89,7 +89,7 @@ static sslOptions ssl_defaults = { .enableTls13CompatMode = PR_FALSE, .enableDtls13VersionCompat = PR_FALSE, .enableDtlsShortHeader = PR_FALSE, - .enableHelloDowngradeCheck = PR_FALSE, + .enableHelloDowngradeCheck = PR_TRUE, .enableV2CompatibleHello = PR_FALSE, .enablePostHandshakeAuth = PR_FALSE, .suppressEndOfEarlyData = PR_FALSE, |