Chromium Code Reviews

Issue 10136001: net: only False Start with forward secret servers. (Closed)

Created:
8 years, 8 months ago by agl
Modified:
8 years, 8 months ago
Reviewers:
wtc
CC:
chromium-reviews, Ryan Sleevi
Visibility:
Public.

Description

net: only False Start with forward secret servers.

Bodo made the point that we originally sacrificed an aspect of forward secrecy in order to use False Start widely. Specifically, an attacker can alter the handshake and cause a non-forward secure ciphersuite to be selected and the client's initial write will not be forward secret.

Since we are no longer trying to use False Start everywhere, we can close that gap by only allowing it for forward secret connections.

This change also addresses follow up comments on https://chromiumcodereview.appspot.com/10014010/ and adds the patch file that was missing in that change.

BUG=none
TEST=net_unittests

Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=133255
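The policy the description argues for, modelled as an added example; this is not code from this change or from NSS. The enum names, the suite table and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

/* Key-exchange classes for this example (hypothetical enum, not NSS's). */
typedef enum { KEX_RSA, KEX_ECDH_STATIC, KEX_DHE, KEX_ECDHE } kex_t;
typedef enum { POLICY_ANY_SUITE, POLICY_FS_ONLY } policy_t;
typedef enum { WRITE_AFTER_SERVER_FINISHED, WRITE_BEFORE_SERVER_FINISHED } write_point_t;
typedef struct { unsigned short id; kex_t kex; } suite_t;

/* Constructed sample table keyed by IANA cipher suite number. */
static const suite_t SUITES[] = {
    {0x0005, KEX_RSA},         /* TLS_RSA_WITH_RC4_128_SHA */
    {0x002F, KEX_RSA},         /* TLS_RSA_WITH_AES_128_CBC_SHA */
    {0x0033, KEX_DHE},         /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */
    {0xC004, KEX_ECDH_STATIC}, /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */
    {0xC013, KEX_ECDHE},       /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */
};

static const suite_t *find_suite(unsigned short id) {
    for (size_t i = 0; i < sizeof SUITES / sizeof SUITES[0]; i++)
        if (SUITES[i].id == id) return &SUITES[i];
    return NULL;
}

/* Only ephemeral (EC)DH gives forward secrecy; RSA and static ECDH do not. */
static bool is_forward_secret(const suite_t *s) {
    return s != NULL && (s->kex == KEX_DHE || s->kex == KEX_ECDHE);
}

/* When may the client send its first application data? The suite comes from
 * a ServerHello that is not yet verified by the server's Finished message. */
write_point_t first_write_point(unsigned short selected, policy_t policy) {
    const suite_t *s = find_suite(selected);
    if (s == NULL) return WRITE_AFTER_SERVER_FINISHED;   /* fail closed */
    if (policy == POLICY_ANY_SUITE || is_forward_secret(s))
        return WRITE_BEFORE_SERVER_FINISHED;             /* False Start */
    return WRITE_AFTER_SERVER_FINISHED;
}

/* True when early data would leave under a non-forward-secret suite that an
 * altered handshake could have forced: the gap this change closes. */
bool early_write_at_risk(unsigned short selected, policy_t policy) {
    return first_write_point(selected, policy) == WRITE_BEFORE_SERVER_FINISHED
        && !is_forward_secret(find_suite(selected));
}

int main(void) {
    return early_write_at_risk(0x0005, POLICY_FS_ONLY) ? 1 : 0; /* exits 0 */
}
```

Under `POLICY_FS_ONLY` a handshake that ends up on an RSA or static ECDH suite simply falls back to waiting for the server's Finished message, so the first write is never sent ahead of handshake verification with a non-forward-secret key.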

Patch Set 1 #

Total comments: 2

Patch Set 2 : ... #

Stats (+76 lines, -5 lines)
M net/socket/ssl_client_socket_nss.cc: 1 chunk, +10 lines, -0 lines, 0 comments
M net/third_party/nss/patches/applypatches.sh: 1 chunk, +1 line, -1 line, 0 comments
A net/third_party/nss/patches/falsestartnpn.patch: 1 chunk, +51 lines, -0 lines, 0 comments
M net/third_party/nss/ssl/ssl3con.c: 1 chunk, +10 lines, -4 lines, 0 comments
M net/third_party/nss/ssl/ssl3ext.c: 1 chunk, +4 lines, -0 lines, 0 comments

Messages

Total messages: 5 (0 generated)
agl
8 years, 8 months ago (2012-04-19 20:23:16 UTC) #1
wtc
Patch set 1 LGTM. Note my suggested change below.

https://chromiumcodereview.appspot.com/10136001/diff/1/net/third_party/nss/ssl/ssl3con.c
File net/third_party/nss/ssl/ssl3con.c (right):

https://chromiumcodereview.appspot.com/10136001/diff/1/net/third_party/nss/ssl/ssl3con.c#newcode6092
net/third_party/nss/ssl/ssl3con.c:6092: ...
8 years, 8 months ago (2012-04-19 22:33:53 UTC) #2
agl
https://chromiumcodereview.appspot.com/10136001/diff/1/net/third_party/nss/ssl/ssl3con.c
File net/third_party/nss/ssl/ssl3con.c (right):

https://chromiumcodereview.appspot.com/10136001/diff/1/net/third_party/nss/ssl/ssl3con.c#newcode6092
net/third_party/nss/ssl/ssl3con.c:6092: ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh);
On 2012/04/19 22:33:53, wtc wrote:
> ...
8 years, 8 months ago (2012-04-20 18:30:29 UTC) #3
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/agl@chromium.org/10136001/4001
8 years, 8 months ago (2012-04-20 18:30:41 UTC) #4
commit-bot: I haz the power
8 years, 8 months ago (2012-04-20 20:28:28 UTC) #5
Change committed as 133255
