Google Git
Sign in
chromium / chromium / src.git / 074c158550d1ed05a8d50950292f39f0d9f41147^! / . / net / socket / ssl_client_socket_nss.cc
commit074c158550d1ed05a8d50950292f39f0d9f41147[log] [tgz]
author[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Fri Jan 08 21:38:28 2010
committer[email protected] <[email protected]@0039d316-1c4b-4281-b951-d872f2087c98>Fri Jan 08 21:38:28 2010
treed1753f1c5bc961eded9e6846c41769e840bfbbe5
parent09d8e8d350fa13b4fdefb5afeaca006539c3c48c [diff] [blame]
NSS: disable DEFLATE compression if TLS is disabled.

BUG=31628
TEST=Goto https://www.txn.banking.pcfinancial.ca/a/authentication/preSignOn.ams?referid=loginBox_banking_go - you should not see an SSL error.

http://codereview.chromium.org/518074

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@35827 0039d316-1c4b-4281-b951-d872f2087c98

diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index ed766111..bcb57f19 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc

@@ -309,7 +309,11 @@
 #endif
 
 #ifdef SSL_ENABLE_DEFLATE
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, PR_TRUE);
+  // Some web servers have been found to break if TLS is used *or* if DEFLATE
+  // is advertised. Thus, if TLS is disabled (probably because we are doing
+  // SSLv3 fallback), we disable DEFLATE also.
+  // See http://crbug.com/31628
+  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_DEFLATE, ssl_config_.tls1_enabled);
   if (rv != SECSuccess)
      LOG(INFO) << "SSL_ENABLE_DEFLATE failed.  Old system nss?";
 #endif