summaryrefslogtreecommitdiffstats
path: root/security/nss/lib/ssl/ssl.h
diff options
context:
space:
mode:
authorwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
committerwolfbeast <mcwerewolf@gmail.com>2018-04-25 21:33:33 +0200
commitfba28f19754f62b5227650143d5441fc86d4c7d7 (patch)
tree26629d73f83543ff92a060fd7b310bb748b13173 /security/nss/lib/ssl/ssl.h
parentb4154e043bfc0d2f301d88304efc896989d650bf (diff)
downloadUXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.gz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.lz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.tar.xz
UXP-fba28f19754f62b5227650143d5441fc86d4c7d7.zip
Revert "Update NSS to 3.35-RTM"
This reverts commit f1a0f0a56fdd0fc39f255174ce08c06b91c66c94.
Diffstat (limited to 'security/nss/lib/ssl/ssl.h')
-rw-r--r--security/nss/lib/ssl/ssl.h49
1 files changed, 11 insertions, 38 deletions
diff --git a/security/nss/lib/ssl/ssl.h b/security/nss/lib/ssl/ssl.h
index 25aabbaa2..7e538ac1f 100644
--- a/security/nss/lib/ssl/ssl.h
+++ b/security/nss/lib/ssl/ssl.h
@@ -107,7 +107,8 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
#define SSL_NO_LOCKS 17 /* Don't use locks for protection */
#define SSL_ENABLE_SESSION_TICKETS 18 /* Enable TLS SessionTicket */
/* extension (off by default) */
-#define SSL_ENABLE_DEFLATE 19 /* (unsupported, deprecated, off) */
+#define SSL_ENABLE_DEFLATE 19 /* Enable TLS compression with */
+ /* DEFLATE (off by default) */
#define SSL_ENABLE_RENEGOTIATION 20 /* Values below (default: never) */
#define SSL_REQUIRE_SAFE_NEGOTIATION 21 /* Peer must send Signaling */
/* Cipher Suite Value (SCSV) or */
@@ -230,46 +231,25 @@ SSL_IMPORT PRFileDesc *DTLS_ImportFD(PRFileDesc *model, PRFileDesc *fd);
* parameters.
*
* The transition between the 0-RTT and 1-RTT modes is marked by the
- * handshake callback. However, it is possible to force the completion
- * of the handshake (and cause the handshake callback to be called)
- * prior to reading all 0-RTT data using SSL_ForceHandshake(). To
- * ensure that all early data is read before the handshake callback, any
- * time that SSL_ForceHandshake() returns a PR_WOULD_BLOCK_ERROR, use
- * PR_Read() to read all available data. If PR_Read() is called
- * multiple times, this will result in the handshake completing, but the
- * handshake callback will occur after early data has all been read.
+ * handshake callback.
*
* WARNING: 0-RTT data has different anti-replay and PFS properties than
- * the rest of the TLS data. See [draft-ietf-tls-tls13; Section 8]
+ * the rest of the TLS data. See [draft-ietf-tls-tls13; Section 6.2.3]
* for more details.
- *
- * Note: when DTLS 1.3 is in use, any 0-RTT data received after EndOfEarlyData
- * (e.g., because of reordering) is discarded.
*/
#define SSL_ENABLE_0RTT_DATA 33
-/* Enables TLS 1.3 compatibility mode. In this mode, the client includes a fake
- * session ID in the handshake and sends a ChangeCipherSpec. A server will
- * always use the setting chosen by the client, so the value of this option has
- * no effect for a server. This setting is ignored for DTLS. */
-#define SSL_ENABLE_TLS13_COMPAT_MODE 35
-
#ifdef SSL_DEPRECATED_FUNCTION
/* Old deprecated function names */
-SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRIntn on);
-SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRIntn on);
+SSL_IMPORT SECStatus SSL_Enable(PRFileDesc *fd, int option, PRBool on);
+SSL_IMPORT SECStatus SSL_EnableDefault(int option, PRBool on);
#endif
-/* Set (and get) options for sockets and defaults for newly created sockets.
- *
- * While the |val| parameter of these methods is PRIntn, options only support
- * two values by default: PR_TRUE or PR_FALSE. The documentation of specific
- * options will explain if other values are permitted.
- */
-SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRIntn val);
-SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRIntn *val);
-SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRIntn val);
-SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRIntn *val);
+/* New function names */
+SSL_IMPORT SECStatus SSL_OptionSet(PRFileDesc *fd, PRInt32 option, PRBool on);
+SSL_IMPORT SECStatus SSL_OptionGet(PRFileDesc *fd, PRInt32 option, PRBool *on);
+SSL_IMPORT SECStatus SSL_OptionSetDefault(PRInt32 option, PRBool on);
+SSL_IMPORT SECStatus SSL_OptionGetDefault(PRInt32 option, PRBool *on);
SSL_IMPORT SECStatus SSL_CertDBHandleSet(PRFileDesc *fd, CERTCertDBHandle *dbHandle);
/* SSLNextProtoCallback is called during the handshake for the client, when a
@@ -1394,13 +1374,6 @@ extern const char *NSSSSL_GetVersion(void);
*/
SSL_IMPORT SECStatus SSL_AuthCertificateComplete(PRFileDesc *fd,
PRErrorCode error);
-
-/*
- * This is used to access experimental APIs. Don't call this directly. This is
- * used to enable the experimental APIs that are defined in "sslexp.h".
- */
-SSL_IMPORT void *SSL_GetExperimentalAPI(const char *name);
-
SEC_END_PROTOS
#endif /* __ssl_h_ */