Don't False Start with DHE.chromium-2311

BUG=460271 Change-Id: Ic233511114012149e4a1074470c16bd9f701cf5a Reviewed-on: https://boringssl-review.googlesource.com/4192 Reviewed-by: Adam Langley <agl@google.com>
author: Adam Langley <agl@google.com> 2015-04-01 13:11:01 -0700
committer: Adam Langley <agl@google.com> 2015-04-06 10:46:44 -0700
commit: b8cbbec76bb6e8c0b7cbd20bba06a1516ef26c23 (patch)
tree: b4398e22c8037f12987771c9b84f7a83c8b535a1
parent: 367545d0b46d2b8a494af69ec086df325d04de11 (diff)
download: boringssl-chromium-2311.zip
boringssl-chromium-2311.tar.gz
boringssl-chromium-2311.tar.bz2
1 files changed, 2 insertions, 4 deletions
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index d070e82..ce90f4d 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2895,14 +2895,12 @@ void SSL_get_structure_sizes(size_t *ssl_size, size_t *ssl_ctx_size,
 int ssl3_can_false_start(const SSL *s) {
   const SSL_CIPHER *const cipher = SSL_get_current_cipher(s);
 
-  /* False Start only for TLS 1.2 with a forward-secure, AEAD cipher and ALPN or
-   * NPN. */
+  /* False Start only for TLS 1.2 with an ECDHE+AEAD cipher and ALPN or NPN. */
   return !SSL_IS_DTLS(s) &&
       SSL_version(s) >= TLS1_2_VERSION &&
       (s->s3->alpn_selected || s->s3->next_proto_neg_seen) &&
       cipher != NULL &&
-      (cipher->algorithm_mkey == SSL_kEDH ||
-       cipher->algorithm_mkey == SSL_kEECDH) &&
+      cipher->algorithm_mkey == SSL_kEECDH &&
       (cipher->algorithm_enc == SSL_AES128GCM ||
        cipher->algorithm_enc == SSL_AES256GCM ||
        cipher->algorithm_enc == SSL_CHACHA20POLY1305);
author	Adam Langley <agl@google.com>	2015-04-01 13:11:01 -0700
committer	Adam Langley <agl@google.com>	2015-04-06 10:46:44 -0700
commit	b8cbbec76bb6e8c0b7cbd20bba06a1516ef26c23 (patch)
tree	b4398e22c8037f12987771c9b84f7a83c8b535a1
parent	367545d0b46d2b8a494af69ec086df325d04de11 (diff)
download	boringssl-chromium-2311.zip boringssl-chromium-2311.tar.gz boringssl-chromium-2311.tar.bz2