Chromium Code Reviews

Side by Side Diff: net/third_party/nss/ssl/ssl3con.c

Issue 10136001: net: only False Start with forward secret servers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 8 years, 8 months ago
Previous file in this patch: net/third_party/nss/patches/falsestartnpn.patch | Next file: net/third_party/nss/ssl/ssl3ext.c
1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* 2 /*
3 * SSL3 Protocol 3 * SSL3 Protocol
4 * 4 *
5 * ***** BEGIN LICENSE BLOCK ***** 5 * ***** BEGIN LICENSE BLOCK *****
6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 6 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
7 * 7 *
8 * The contents of this file are subject to the Mozilla Public License Version 8 * The contents of this file are subject to the Mozilla Public License Version
9 * 1.1 (the "License"); you may not use this file except in compliance with 9 * 1.1 (the "License"); you may not use this file except in compliance with
10 * the License. You may obtain a copy of the License at 10 * the License. You may obtain a copy of the License at
(...skipping 6068 matching lines...)
6079 /* XXX: does not take into account whether we are waiting for 6079 /* XXX: does not take into account whether we are waiting for
6080 * SSL_AuthCertificateComplete or SSL_RestartHandshakeAfterCertReq. If/when 6080 * SSL_AuthCertificateComplete or SSL_RestartHandshakeAfterCertReq. If/when
6081 * that is done, this function could return different results each time it 6081 * that is done, this function could return different results each time it
6082 * would be called. 6082 * would be called.
6083 */ 6083 */
6084 6084
6085 ssl_GetSpecReadLock(ss); 6085 ssl_GetSpecReadLock(ss);
6086 rv = ss->opt.enableFalseStart && 6086 rv = ss->opt.enableFalseStart &&
6087 !ss->sec.isServer && 6087 !ss->sec.isServer &&
6088 !ss->ssl3.hs.isResuming && 6088 !ss->ssl3.hs.isResuming &&
6089 ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn) &&
6090 ss->ssl3.cwSpec && 6089 ss->ssl3.cwSpec &&
6090
6091 /* An attacker can control the selected ciphersuite so we only wish to
6092 * do False Start in the case that the selected ciphersuite is
6093 * sufficiently strong that the attack can gain no advantage.
6094 * Therefore we require an 80-bit cipher and a forward-secret key
6095 * exchange. */
6091 ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && 6096 ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 &&
6092 » (ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_rsa || 6097 » (ss->ssl3.hs.kea_def->kea == kea_dhe_dss ||
6093 » ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_dh || 6098 » ss->ssl3.hs.kea_def->kea == kea_dhe_rsa ||
6094 » ss->ssl3.hs.kea_def->exchKeyType == ssl_kea_ecdh); 6099 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa ||
6100 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa);
6095 ssl_ReleaseSpecReadLock(ss); 6101 ssl_ReleaseSpecReadLock(ss);
6096 return rv; 6102 return rv;
6097 } 6103 }
6098 6104
6099 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); 6105 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss);
6100 6106
6101 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete 6107 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete
6102 * ssl3 Server Hello Done message. 6108 * ssl3 Server Hello Done message.
6103 * Caller must hold Handshake and RecvBuf locks. 6109 * Caller must hold Handshake and RecvBuf locks.
6104 */ 6110 */
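Review bot: dropping the ssl3_ExtensionNegotiated(ss, ssl_next_proto_nego_xtn) condition (old line 6089) is a second behavioural change that the issue title ("only False Start with forward secret servers") does not mention; with this hunk the client will False Start against servers that did not negotiate NPN as long as the cipher and key exchange pass the new test. If that is intended, say so in the description; if not, keep the NPN condition next to the new key-exchange test. The key-exchange change itself matches the stated goal: replacing the exchKeyType test, which accepted plain RSA and static DH/ECDH, with the explicit kea_dhe_dss / kea_dhe_rsa / kea_ecdhe_ecdsa / kea_ecdhe_rsa list means anything not on the list (including key exchange types added later) fails closed and never False Starts, which is the right default for a check that runs before the server's Finished has been verified. Two wording points in the added comment: "the attack can gain no advantage" should read "the attacker", and it would help to state that secret_key_size is counted in bytes, so that the >= 10 test is recognisably the 80-bit bound the comment refers to.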
(...skipping 4327 matching lines...)
10432 PORT_Free(ss->ssl3.hs.recvdFragments.buf); 10438 PORT_Free(ss->ssl3.hs.recvdFragments.buf);
10433 } 10439 }
10434 } 10440 }
10435 10441
10436 ss->ssl3.initialized = PR_FALSE; 10442 ss->ssl3.initialized = PR_FALSE;
10437 10443
10438 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); 10444 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE);
10439 } 10445 }
10440 10446
10441 /* End of ssl3con.c */ 10447 /* End of ssl3con.c */

Powered by Google App Engine
This is Rietveld 408576698