Disable SSL Session Ticket extension for OpenSSLSocket
Due to compatability issues with some sites, disable this SSL extension which wasn't present in Eclair. See also:
b/2682876 Some ssl sites cause "A secure connection could not be established" error
Change-Id: Ib42fb249eb0f8d645ae3f983c77cb278ca54f946
diff --git a/libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp b/libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
index 5191fdc..8d9241f 100644
--- a/libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
+++ b/libcore/x-net/src/main/native/org_apache_harmony_xnet_provider_jsse_NativeCrypto.cpp
@@ -1306,8 +1306,9 @@
ssl_ctx = SSL_CTX_new(SSLv23_client_method());
- // Note: We explicitly do not allow SSLv2 to be used. It
- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
+ // Note: We explicitly do not allow SSLv2 to be used.
+ // We also disable session tickets for better compatability b/2682876
+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_TICKET);
/* Java code in class OpenSSLSocketImpl does the verification. Meaning of
* SSL_VERIFY_NONE flag in client mode: if not using an anonymous cipher