diff options
author | Adam Langley <agl@google.com> | 2015-04-01 13:11:01 -0700 |
---|---|---|
committer | Adam Langley <agl@google.com> | 2015-04-06 10:46:44 -0700 |
commit | b8cbbec76bb6e8c0b7cbd20bba06a1516ef26c23 (patch) | |
tree | b4398e22c8037f12987771c9b84f7a83c8b535a1 | |
parent | 367545d0b46d2b8a494af69ec086df325d04de11 (diff) | |
download | boringssl-chromium-2311.zip boringssl-chromium-2311.tar.gz boringssl-chromium-2311.tar.bz2 |
Don't False Start with DHE.chromium-2311
BUG=460271
Change-Id: Ic233511114012149e4a1074470c16bd9f701cf5a
Reviewed-on: https://boringssl-review.googlesource.com/4192
Reviewed-by: Adam Langley <agl@google.com>
-rw-r--r-- | ssl/ssl_lib.c | 6 |
1 files changed, 2 insertions, 4 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index d070e82..ce90f4d 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -2895,14 +2895,12 @@ void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size, int ssl3_can_false_start(const SSL *s) { const SSL_CIPHER *const cipher = SSL_get_current_cipher(s); - /* False Start only for TLS 1.2 with a forward-secure, AEAD cipher and ALPN or - * NPN. */ + /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */ return !SSL_IS_DTLS(s) && SSL_version(s) >= TLS1_2_VERSION && (s->s3->alpn_selected || s->s3->next_proto_neg_seen) && cipher != NULL && - (cipher->algorithm_mkey == SSL_kEDH || - cipher->algorithm_mkey == SSL_kEECDH) && + cipher->algorithm_mkey == SSL_kEECDH && (cipher->algorithm_enc == SSL_AES128GCM || cipher->algorithm_enc == SSL_AES256GCM || cipher->algorithm_enc == SSL_CHACHA20POLY1305); |