Disable reusing of ECDHE keys with NSS.
This provides support for ephemeral ECDHE keys when using NSS.
BUG=4689
R=juberti@google.com, pthatcher@webrtc.org
Review URL: https://webrtc-codereview.appspot.com/56459005
Cr-Commit-Position: refs/heads/master@{#9323}
diff --git a/webrtc/base/nssstreamadapter.cc b/webrtc/base/nssstreamadapter.cc
index 9cebdda..22f2a2e 100644
--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -435,6 +435,15 @@
return false;
}
+ // Disable reusing of ECDHE keys. By default NSS, when in server mode, uses
+ // the same key for multiple connections, so disable this behaviour to get
+ // ephemeral keys.
+ rv = SSL_OptionSet(ssl_fd, SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+ if (rv != SECSuccess) {
+ LOG(LS_ERROR) << "Error disabling ECDHE key reuse";
+ return false;
+ }
+
ssl_fd_ = ssl_fd;
return true;
