
Side by Side Diff: net/base/ssl_config_service_win.cc

Issue 4091005: Remove SSL 2.0 support. (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Sync with ToT Created 10 years ago
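--- a/net/base/ssl_config_service_win.cc
+++ b/net/base/ssl_config_service_win.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/ssl_config_service_win.h"
 
 #include "base/thread_restrictions.h"
 #include "base/win/registry.h"
 
 using base::TimeDelta;
@@ -22,21 +22,20 @@
 
 static const wchar_t kProtocolsValueName[] = L"SecureProtocols";
 
 // In SecureProtocols, each SSL version is represented by a bit:
 // SSL 2.0: 0x08
 // SSL 3.0: 0x20
 // TLS 1.0: 0x80
 // The bits are OR'ed to form the DWORD value. So 0xa0 means SSL 3.0 and
 // TLS 1.0.
 enum {
-SSL2 = 0x08,
 SSL3 = 0x20,
 TLS1 = 0x80
 };
 
 // If CertificateRevocation or SecureProtocols is missing, IE uses a default
 // value. Unfortunately the default is IE version specific. We use WinHTTP's
 // default.
 enum {
 REVOCATION_DEFAULT = 0,
 PROTOCOLS_DEFAULT = SSL3 | TLS1
@@ -70,53 +69,47 @@
 
 DWORD revocation;
 if (!internet_settings.ReadValueDW(kRevocationValueName, &revocation))
 revocation = REVOCATION_DEFAULT;
 
 DWORD protocols;
 if (!internet_settings.ReadValueDW(kProtocolsValueName, &protocols))
 protocols = PROTOCOLS_DEFAULT;
 
 config->rev_checking_enabled = (revocation != 0);
-config->ssl2_enabled = ((protocols & SSL2) != 0);
 config->ssl3_enabled = ((protocols & SSL3) != 0);
 config->tls1_enabled = ((protocols & TLS1) != 0);
 SSLConfigService::SetSSLConfigFlags(config);
 
 // TODO(rsleevi): Possibly respect the registry keys defined in
 // http://support.microsoft.com/kb/245030 (pre-Vista) or
 // http://msdn.microsoft.com/en-us/library/bb870930(VS.85).aspx (post-Vista).
 // Currently, these values are respected implicitly when using
 // SSLClientSocketWin, but they do not propogate to SSLClientSocketNSS
 // because we're not currently translating the keys.
 
 return true;
 }
 
 // static
 void SSLConfigServiceWin::SetRevCheckingEnabled(bool enabled) {
 // This registry access goes to disk and will slow down the IO thread.
 // http://crbug.com/61455
 DWORD value = enabled;
 RegKey internet_settings(HKEY_CURRENT_USER, kInternetSettingsSubKeyName,
 KEY_WRITE);
 internet_settings.WriteValue(kRevocationValueName, value);
 // TODO(mattm): We should call UpdateConfig after updating settings, but these
 // methods are static.
 }
 
 // static
-void SSLConfigServiceWin::SetSSL2Enabled(bool enabled) {
-SetSSLVersionEnabled(SSL2, enabled);
-}
-
-// static
 void SSLConfigServiceWin::SetSSL3Enabled(bool enabled) {
 SetSSLVersionEnabled(SSL3, enabled);
 }
 
 // static
 void SSLConfigServiceWin::SetTLS1Enabled(bool enabled) {
 SetSSLVersionEnabled(TLS1, enabled);
 }
 
 // static
@@ -140,10 +133,10 @@
 void SSLConfigServiceWin::UpdateConfig(TimeTicks now) {
 SSLConfig orig_config = config_info_;
 GetSSLConfigNow(&config_info_);
 if (ever_updated_)
 ProcessConfigUpdate(orig_config, config_info_);
 config_time_ = now;
 ever_updated_ = true;
 }
 
 } // namespace net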
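Review bot: A `SecureProtocols` value with only the SSL 2.0 bit set (0x08) now leaves both `config->ssl3_enabled` and `config->tls1_enabled` false in the registry-reading function, and nothing visible here says what happens when no protocol version is enabled. That function starts in the skipped lines, so `SetSSLConfigFlags` or the socket layer may already cover the empty case; if not, the intended outcome (fail closed rather than silently re-enabling versions the user turned off) deserves a comment and a unit-test case. The comment above the enum still lists `SSL 2.0: 0x08` with no matching enumerator, so I would add `// SSL 2.0 (0x08) is no longer supported; the bit is ignored if set.` to make the omission read as deliberate.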