feat: Enable SSL_ENABLE_CH_EXTENSION_PERMUTATION (#2217)

* feat: Enable `SSL_ENABLE_CH_EXTENSION_PERMUTATION` This enables the NSS `SSL_ENABLE_CH_EXTENSION_PERMUTATION` option by default. CC @martinthomson @dennisjackson * fmt
mozilla · Nov 6, 2024 · 5d8651a · 5d8651a
1 parent c0a2bfe
commit 5d8651a
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 0 deletions.
diff --git a/neqo-crypto/bindings/bindings.toml b/neqo-crypto/bindings/bindings.toml
@@ -103,6 +103,7 @@ variables = [
     "SSL_ENABLE_HELLO_DOWNGRADE_CHECK",
     "SSL_SUPPRESS_END_OF_EARLY_DATA",
     "SSL_ENABLE_GREASE",
+    "SSL_ENABLE_CH_EXTENSION_PERMUTATION"
 ]
 
 [nss_ciphers]

diff --git a/neqo-crypto/src/agent.rs b/neqo-crypto/src/agent.rs
@@ -408,6 +408,7 @@ impl SecretAgent {
         self.set_option(ssl::Opt::Tickets, false)?;
         self.set_option(ssl::Opt::OcspStapling, true)?;
         self.set_option(ssl::Opt::Grease, grease)?;
+        self.set_option(ssl::Opt::EnableChExtensionPermutation, true)?;
         Ok(())
     }
 

diff --git a/neqo-crypto/src/ssl.rs b/neqo-crypto/src/ssl.rs
@@ -46,6 +46,7 @@ pub enum Opt {
     HelloDowngradeCheck,
     SuppressEndOfEarlyData,
     Grease,
+    EnableChExtensionPermutation,
 }
 
 impl Opt {
@@ -66,6 +67,7 @@ impl Opt {
             Self::HelloDowngradeCheck => SSLOption::SSL_ENABLE_HELLO_DOWNGRADE_CHECK,
             Self::SuppressEndOfEarlyData => SSLOption::SSL_SUPPRESS_END_OF_EARLY_DATA,
             Self::Grease => SSLOption::SSL_ENABLE_GREASE,
+            Self::EnableChExtensionPermutation => SSLOption::SSL_ENABLE_CH_EXTENSION_PERMUTATION,
         };
         i as PRInt32
     }