Commit 6e848007 authored by Masatoshi Kimura's avatar Masatoshi Kimura
Browse files

Bug 1248198 - Remove the "security.ssl.enable_npn" pref. r=keeler,mcmanus 

MozReview-Commit-ID: J6nYmNAipyL

--HG--
extra : rebase_source : 26b65f99f446f4198ca1b3fd74765f96fd37d85d
parent 133e2847

netwerk/base/security-prefs.js

+0 −1
Original line number Diff line number Diff line
@@ -14,7 +14,6 @@ pref("security.ssl.require_safe_negotiation", false); 
pref("security.ssl.enable_ocsp_stapling", true);

pref("security.ssl.enable_false_start", true);

pref("security.ssl.false_start.require-npn", false);

pref("security.ssl.enable_npn", true);

pref("security.ssl.enable_alpn", true);



pref("security.ssl3.ecdhe_rsa_aes_128_gcm_sha256", true);

security/manager/ssl/nsNSSComponent.cpp

+4 −12
Original line number Diff line number Diff line
@@ -1429,7 +1429,6 @@ nsNSSComponent::FillTLSVersionRange(SSLVersionRange& rangeOut, 
static const int32_t OCSP_ENABLED_DEFAULT = 1;

static const bool REQUIRE_SAFE_NEGOTIATION_DEFAULT = false;

static const bool FALSE_START_ENABLED_DEFAULT = true;

static const bool NPN_ENABLED_DEFAULT = true;

static const bool ALPN_ENABLED_DEFAULT = false;

static const bool ENABLED_0RTT_DATA_DEFAULT = false;
@@ -1885,13 +1884,10 @@ nsNSSComponent::InitializeNSS() 
                       Preferences::GetBool("security.ssl.enable_false_start",

                                            FALSE_START_ENABLED_DEFAULT));



  // SSL_ENABLE_NPN and SSL_ENABLE_ALPN also require calling

  // SSL_SetNextProtoNego in order for the extensions to be negotiated.

  // WebRTC does not do that so it will not use NPN or ALPN even when these

  // preferences are true.

  SSL_OptionSetDefault(SSL_ENABLE_NPN,

                       Preferences::GetBool("security.ssl.enable_npn",

                                            NPN_ENABLED_DEFAULT));

  // SSL_ENABLE_ALPN also requires calling SSL_SetNextProtoNego in order for

  // the extensions to be negotiated.

  // WebRTC does not do that so it will not use ALPN even when this preference

  // is true.

  SSL_OptionSetDefault(SSL_ENABLE_ALPN,

                       Preferences::GetBool("security.ssl.enable_alpn",

                                            ALPN_ENABLED_DEFAULT));
@@ -2096,10 +2092,6 @@ nsNSSComponent::Observe(nsISupports* aSubject, const char* aTopic, 
      SSL_OptionSetDefault(SSL_ENABLE_FALSE_START,

                           Preferences::GetBool("security.ssl.enable_false_start",

                                                FALSE_START_ENABLED_DEFAULT));

    } else if (prefName.EqualsLiteral("security.ssl.enable_npn")) {

      SSL_OptionSetDefault(SSL_ENABLE_NPN,

                           Preferences::GetBool("security.ssl.enable_npn",

                                                NPN_ENABLED_DEFAULT));

    } else if (prefName.EqualsLiteral("security.ssl.enable_alpn")) {

      SSL_OptionSetDefault(SSL_ENABLE_ALPN,

                           Preferences::GetBool("security.ssl.enable_alpn",