Commit c17caaa6 authored by Jeff Huang's avatar Jeff Huang 🤔

[skip-ci] lib32-nss: update to 3.40

parent c9e80274
Pipeline #1623 skipped
_pkgbasename=nss
pkgname=lib32-${_pkgbasename}
pkgver=3.39
pkgver=3.40
pkgrel=1
pkgdesc="Mozilla Network Security Services (32-bit)"
arch=('x86_64')
......@@ -12,7 +12,7 @@ makedepends=('perl' 'lib32-gcc-libs')
options=('!strip' '!makeflags' staticlibs)
source=(https://ftp.mozilla.org/pub/security/nss/releases/NSS_${pkgver//./_}_RTM/src/${_pkgbasename}-${pkgver}.tar.gz
nss.pc.in)
sha256sums=('6be64dd76f212415cc8bc34343ac1e7389048db4db9a023a84873c411dc5864b'
sha256sums=('0562087b8bda072bf5964f8acf851f9c0997a59c384f4887cb517b3b628b32dd'
'b9f1428ca2305bf30b109507ff335fa00bce5a7ce0434b50acd26ad7c47dd5bd')
prepare() {
......
Enable transitional scheme for ssl renegotiation:
(from mozilla/security/nss/lib/ssl/ssl.h)
Disallow unsafe renegotiation in server sockets only, but allow clients
to continue to renegotiate with vulnerable servers.
This value should only be used during the transition period when few
servers have been upgraded.
diff --git a/mozilla/security/nss/lib/ssl/sslsock.c b/mozilla/security/nss/lib/ssl/sslsock.c
index f1d1921..c074360 100644
--- a/mozilla/security/nss/lib/ssl/sslsock.c
+++ b/mozilla/security/nss/lib/ssl/sslsock.c
@@ -181,7 +181,7 @@ static sslOptions ssl_defaults = {
PR_FALSE, /* noLocks */
PR_FALSE, /* enableSessionTickets */
PR_FALSE, /* enableDeflate */
- 2, /* enableRenegotiation (default: requires extension) */
+ 3, /* enableRenegotiation (default: transitional) */
PR_FALSE, /* requireSafeNegotiation */
};
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment