Author: rcritten
Update of /cvs/dirsec/mod_nss
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv20786
Modified Files:
nss.conf.in
Log Message:
Add TLS renegotiation options to the configuration file
Index: nss.conf.in
===================================================================
RCS file: /cvs/dirsec/mod_nss/nss.conf.in,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- nss.conf.in 20 Oct 2006 15:23:39 -0000 1.10
+++ nss.conf.in 18 Mar 2010 18:34:46 -0000 1.11
@@ -64,6 +64,17 @@
#NSSRandomSeed startup file:/dev/random 512
#NSSRandomSeed startup file:/dev/urandom 512
+#
+# TLS Negotiation configuration under RFC 5746
+#
+# Only renegotiate if the peer's hello bears the TLS renegotiation_info
+# extension. Default off.
+NSSRenegotiation off
+
+# Peer must send Signaling Cipher Suite Value (SCSV) or
+# Renegotiation Info (RI) extension in ALL handshakes. Default: off
+NSSRequireSafeNegotiation off
+
##
## SSL Virtual Host Context
##
Show replies by date