commit a0deaecf001cf21b043c968d10200307d4105ec2
author davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> Wed Aug 18 23:39:52 2010
committer davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> Wed Aug 18 23:39:52 2010
tree e65a114afed3be4c39e0ad7bb217a5a2638bfcef
parent da81f13c4d59797f9a83c35a8acc544138df499f

Add a command-line flag to disable SSL/TLS False Start

Some servers are not compatible with False Start. Adding a command-line
flag will make it easier to test and verify such cases.

Also, blacklist www.picnik.com as incompatible with False Start.

BUG=50650
TEST=see bug

Review URL: http://codereview.chromium.org/3167015

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@56622 0039d316-1c4b-4281-b951-d872f2087c98

net/socket/ssl_client_socket_nss.cc

diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index cef4744..b02eb2b 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -504,9 +504,12 @@
 #endif
 
 #ifdef SSL_ENABLE_FALSE_START
-  rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, PR_TRUE);
+  rv = SSL_OptionSet(
+      nss_fd_, SSL_ENABLE_FALSE_START,
+      ssl_config_.false_start_enabled &&
+      !SSLConfigService::IsKnownFalseStartIncompatibleServer(hostname_));
   if (rv != SECSuccess)
-     LOG(INFO) << "SSL_ENABLE_FALSE_START failed.  Old system nss?";
+    LOG(INFO) << "SSL_ENABLE_FALSE_START failed.  Old system nss?";
 #endif
 
 #ifdef SSL_ENABLE_RENEGOTIATION