Disable reusing of ECDHE keys with NSS.

This provides support for ephemeral ECDHE keys when using NSS.

BUG=4689
R=juberti@google.com, pthatcher@webrtc.org

Review URL: https://webrtc-codereview.appspot.com/56459005

Cr-Commit-Position: refs/heads/master@{#9323}
Joachim Bauch 2015-05-29 00:29:09 +02:00
parent 5ee9f679a5
commit 35448372be


@ -435,6 +435,15 @@ bool NSSStreamAdapter::Init() {
return false;
}
// Disable reusing of ECDHE keys. By default NSS, when in server mode, uses
// the same key for multiple connections, so disable this behaviour to get
// ephemeral keys.
rv = SSL_OptionSet(ssl_fd, SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
if (rv != SECSuccess) {
LOG(LS_ERROR) << "Error disabling ECDHE key reuse";
return false;
}
ssl_fd_ = ssl_fd;
return true;
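Review bot: The new failure path at `LOG(LS_ERROR) << "Error disabling ECDHE key reuse";` drops the NSS error code, so when `SSL_OptionSet` rejects `SSL_REUSE_SERVER_ECDHE_KEY` Init() fails with no indication of why; `LOG(LS_ERROR) << "Error disabling ECDHE key reuse: " << PR_GetError();` would make that diagnosable. Returning false is the right behaviour here, because continuing would silently keep one server ECDHE key across connections and weaken forward secrecy; the comment could state that rationale in one more sentence. The hunk does not show who releases `ssl_fd` when this branch returns before `ssl_fd_ = ssl_fd;`, so it is worth confirming the descriptor is not leaked on this path, as on the earlier error return. Init() begins and ends outside the hunk.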