Allow CECPQ1 cipher suites to do False Start. Since they include an ECDHE exchange in them, they are equally-well suited to False Start. Change-Id: I75d31493a614a78ccbf337574c359271831d654d Reviewed-on: https://boringssl-review.googlesource.com/8732 Reviewed-by: David Benjamin <davidben@google.com>

commit: df759b5a57cd88d4f48e30f647f2d9789da9a879 [log] [tgz]
author: Adam Langley <agl@google.com> Mon Jul 11 15:24:37 2016 -0700
committer: David Benjamin <davidben@google.com> Mon Jul 11 22:55:31 2016 +0000
tree: 10e71122713340e2aa2b390e19a0408971974b93
parent: 47489446446844799e90d6739b423ee48fb0bbd7 [diff] [blame]
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index 19fdf1c..e0cba62 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c

@@ -2528,7 +2528,8 @@
       SSL_version(ssl) == TLS1_2_VERSION &&
       (ssl->s3->alpn_selected || ssl->s3->next_proto_neg_seen) &&
       cipher != NULL &&
-      cipher->algorithm_mkey == SSL_kECDHE &&
+      (cipher->algorithm_mkey == SSL_kECDHE ||
+       cipher->algorithm_mkey == SSL_kCECPQ1) &&
       cipher->algorithm_mac == SSL_AEAD;
 }
commit	df759b5a57cd88d4f48e30f647f2d9789da9a879	[log] [tgz]
author	Adam Langley <agl@google.com>	Mon Jul 11 15:24:37 2016 -0700
committer	David Benjamin <davidben@google.com>	Mon Jul 11 22:55:31 2016 +0000
tree	10e71122713340e2aa2b390e19a0408971974b93
parent	47489446446844799e90d6739b423ee48fb0bbd7 [diff] [blame]