From 1425f020c47b3cbe134f71717299714aead28502 Mon Sep 17 00:00:00 2001 From: wolfbeast Date: Sat, 1 Sep 2018 23:45:10 +0200 Subject: Remove support for TLS session caches in TLSServerSocket. This resolves #738 --- security/manager/ssl/nsNSSComponent.cpp | 14 -------------- security/manager/ssl/tests/unit/test_weak_crypto.js | 1 - 2 files changed, 15 deletions(-) (limited to 'security') diff --git a/security/manager/ssl/nsNSSComponent.cpp b/security/manager/ssl/nsNSSComponent.cpp index 71043a0e7..14b1312de 100644 --- a/security/manager/ssl/nsNSSComponent.cpp +++ b/security/manager/ssl/nsNSSComponent.cpp @@ -1938,20 +1938,6 @@ nsNSSComponent::InitializeNSS() return NS_ERROR_FAILURE; } - // TLSServerSocket may be run with the session cache enabled. It is necessary - // to call this once before that can happen. This specifies a maximum of 1000 - // cache entries (the default number of cache entries is 10000, which seems a - // little excessive as there probably won't be that many clients connecting to - // any TLSServerSockets the browser runs.) - // Note that this must occur before any calls to SSL_ClearSessionCache - // (otherwise memory will leak). - if (SSL_ConfigServerSessionIDCache(1000, 0, 0, nullptr) != SECSuccess) { -#ifdef ANDROID - MOZ_RELEASE_ASSERT(false); -#endif - return NS_ERROR_FAILURE; - } - // ensure the CertBlocklist is initialised nsCOMPtr certList = do_GetService(NS_CERTBLOCKLIST_CONTRACTID); #ifdef ANDROID diff --git a/security/manager/ssl/tests/unit/test_weak_crypto.js b/security/manager/ssl/tests/unit/test_weak_crypto.js index effedf8e3..3367e9067 100644 --- a/security/manager/ssl/tests/unit/test_weak_crypto.js +++ b/security/manager/ssl/tests/unit/test_weak_crypto.js @@ -77,7 +77,6 @@ function startServer(cert, rc4only) { onStopListening: function() {} }; - tlsServer.setSessionCache(false); tlsServer.setSessionTickets(false); tlsServer.setRequestClientCertificate(Ci.nsITLSServerSocket.REQUEST_NEVER); if (rc4only) { -- cgit v1.2.3