Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(82)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/http/http_network_transaction.cc

Issue 10218007: net: don't remember TLS intolerant servers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Addressing wtc's comments Created 8 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | net/http/http_stream_factory.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/http/http_network_transaction.h" 5 #include "net/http/http_network_transaction.h"
6 6
7 #include <set> 7 #include <set>
8 #include <vector> 8 #include <vector>
9 9
10 #include "base/bind.h" 10 #include "base/bind.h"
(...skipping 1150 matching lines...) Expand 10 before | Expand all | Expand 10 after
1161 1161
1162 switch (error) { 1162 switch (error) {
1163 case ERR_SSL_PROTOCOL_ERROR: 1163 case ERR_SSL_PROTOCOL_ERROR:
1164 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH: 1164 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
1165 case ERR_SSL_DECOMPRESSION_FAILURE_ALERT: 1165 case ERR_SSL_DECOMPRESSION_FAILURE_ALERT:
1166 case ERR_SSL_BAD_RECORD_MAC_ALERT: 1166 case ERR_SSL_BAD_RECORD_MAC_ALERT:
1167 if (server_ssl_config_.tls1_enabled) { 1167 if (server_ssl_config_.tls1_enabled) {
1168 // This could be a TLS-intolerant server, an SSL 3.0 server that 1168 // This could be a TLS-intolerant server, an SSL 3.0 server that
1169 // chose a TLS-only cipher suite or a server with buggy DEFLATE 1169 // chose a TLS-only cipher suite or a server with buggy DEFLATE
1170 // support. Turn off TLS 1.0, DEFLATE support and retry. 1170 // support. Turn off TLS 1.0, DEFLATE support and retry.
1171 session_->http_stream_factory()->AddTLSIntolerantServer( 1171 LOG(WARNING) << "Falling back to SSLv3 because host is TLS intolerant: "
1172 HostPortPair::FromURL(request_->url)); 1172 << GetHostAndPort(request_->url);
1173 server_ssl_config_.tls1_enabled = false;
1174 server_ssl_config_.ssl3_fallback = true;
1173 ResetConnectionAndRequestForResend(); 1175 ResetConnectionAndRequestForResend();
1174 error = OK; 1176 error = OK;
1175 } 1177 }
1176 break; 1178 break;
1177 } 1179 }
1178 return error; 1180 return error;
1179 } 1181 }
1180 1182
1181 // This method determines whether it is safe to resend the request after an 1183 // This method determines whether it is safe to resend the request after an
1182 // IO error. It can only be called in response to request header or body 1184 // IO error. It can only be called in response to request header or body
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after
1371 description = base::StringPrintf("Unknown state 0x%08X (%u)", state, 1373 description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
1372 state); 1374 state);
1373 break; 1375 break;
1374 } 1376 }
1375 return description; 1377 return description;
1376 } 1378 }
1377 1379
1378 #undef STATE_CASE 1380 #undef STATE_CASE
1379 1381
1380 } // namespace net 1382 } // namespace net
OLDNEW
« no previous file with comments | « no previous file | net/http/http_stream_factory.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698