From 35448372be7f7edff8339fa6ab556022dcea4126 Mon Sep 17 00:00:00 2001
From: Joachim Bauch
Date: Fri, 29 May 2015 00:29:09 +0200
Subject: [PATCH] Disable reusing of ECDHE keys with NSS.

This provides support for ephemeral ECDHE keys when using NSS.

BUG=4689
R=juberti@google.com, pthatcher@webrtc.org

Review URL: https://webrtc-codereview.appspot.com/56459005

Cr-Commit-Position: refs/heads/master@{#9323}
---
 webrtc/base/nssstreamadapter.cc | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/webrtc/base/nssstreamadapter.cc b/webrtc/base/nssstreamadapter.cc
index 9cebddace7..22f2a2e2f4 100644
--- a/webrtc/base/nssstreamadapter.cc
+++ b/webrtc/base/nssstreamadapter.cc
@@ -435,6 +435,15 @@ bool NSSStreamAdapter::Init() {
 return false;
 }
+ // Disable reusing of ECDHE keys. By default NSS, when in server mode, uses
+ the same key for multiple connections, so disable this behaviour to get
+ ephemeral keys.
+ rv = SSL_OptionSet(ssl_fd, SSL_REUSE_SERVER_ECDHE_KEY, PR_FALSE);
+ if (rv != SECSuccess) {
+ LOG(LS_ERROR) << "Error disabling ECDHE key reuse";
+ return false;
+ }
+
 ssl_fd_ = ssl_fd;
 return true;
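Review bot: The failure branch of the new SSL_OptionSet call logs a fixed string and drops the NSS error code, so an NSS build that rejects SSL_REUSE_SERVER_ECDHE_KEY (for example one older than the version that introduced the option) is hard to diagnose from the log alone; `LOG(LS_ERROR) << "Error disabling ECDHE key reuse: " << PR_GetError();` would carry the reason. The comment explains what the option does but not why it matters; a sentence such as `// A server-side ECDHE key shared across connections gives up forward secrecy for every session that used it.` would make the security intent explicit to the next maintainer. The preceding error path in Init() also returns false without visibly closing ssl_fd, and the new one mirrors it; if cleanup of ssl_fd on failure is handled elsewhere that is fine, otherwise both paths leak the descriptor. Init() begins before this hunk, so the declaration of rv and the earlier checks are not visible here.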