nss/patches/nss-ssl-cbc-random-iv-off-by-default.patch0

   1 diff -up ./mozilla/security/nss/lib/ssl/sslsock.c.compatible ./mozilla/security/nss/lib/ssl/sslsock.c
   2 --- ./mozilla/security/nss/lib/ssl/sslsock.c.compatible 2012-01-05 13:54:36.430389994 -0800
   3 +++ ./mozilla/security/nss/lib/ssl/sslsock.c    2012-01-05 13:55:25.810750394 -0800
   4 @@ -184,7 +184,7 @@ static sslOptions ssl_defaults = {
   5      3,          /* enableRenegotiation (default: transitional) */
   6      PR_FALSE,   /* requireSafeNegotiation */
   7      PR_FALSE,   /* enableFalseStart   */
   8 -    PR_TRUE     /* cbcRandomIV        */
   9 +    PR_FALSE    /* cbcRandomIV        */ /* defaults to off for compatibility */
  10  };
  11
  12  sslSessionIDLookupFunc  ssl_sid_lookup;
  13 @@ -2359,9 +2359,9 @@ ssl_SetDefaultsFromEnvironment(void)
  14                         PR_TRUE));
  15         }
  16         ev = getenv("NSS_SSL_CBC_RANDOM_IV");
  17 -       if (ev && ev[0] == '0') {
  18 -           ssl_defaults.cbcRandomIV = PR_FALSE;
  19 -           SSL_TRACE(("SSL: cbcRandomIV set to 0"));
  20 +       if (ev && ev[0] == '1') {
  21 +           ssl_defaults.cbcRandomIV = PR_TRUE;
  22 +           SSL_TRACE(("SSL: cbcRandomIV set to 1"));
  23         }
  24      }
  25  #endif /* NSS_HAVE_GETENV */