
Unified Diff: chrome/browser/net/ssl_config_service_manager_pref.cc

Issue 7462008: Add a preference and command-line option to disable SSL/TLS cipher suites (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 9 years, 5 months ago
Index: chrome/browser/net/ssl_config_service_manager_pref.cc
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
index c6e5cf5dd0e23abdd831faddb1db6084670b4ec3..fb6b6efb6c2a2db9b0f880bddb5970782a2fae36 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -1,20 +1,68 @@
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
+#include "chrome/browser/net/ssl_config_service_manager.h"
+
+#include <algorithm>
+#include <string>
+#include <vector>
+#include "base/basictypes.h"
#include "base/message_loop.h"
#include "base/threading/thread.h"
#include "chrome/browser/browser_process.h"
#include "chrome/browser/io_thread.h"
-#include "chrome/browser/net/ssl_config_service_manager.h"
+#include "chrome/browser/prefs/pref_change_registrar.h"
#include "chrome/browser/prefs/pref_member.h"
#include "chrome/browser/prefs/pref_service.h"
#include "chrome/common/pref_names.h"
-#include "content/common/content_notification_types.h"
+#include "chrome/common/chrome_notification_types.h"
battre 2011/07/20 11:16:30 nit: order
#include "content/common/notification_details.h"
#include "content/common/notification_source.h"
+#include "net/base/ssl_cipher_suite_names.h"
#include "net/base/ssl_config_service.h"
+namespace {
+
+// Converts a ListValue of StringValues into a vector of strings. Any Values
+// which cannot be converted will be skipped.
+std::vector<std::string> ListValueToStringVector(const ListValue* value) {
+ std::vector<std::string> results;
+ results.reserve(value->GetSize());
+ std::string s;
+ for (ListValue::const_iterator it = value->begin(); it != value->end();
+ ++it) {
+ if (!(*it)->GetAsString(&s))
+ continue;
+ results.push_back(s);
+ }
+ return results;
+}
+
+// Parses a vector of cipher suite strings, returning a sorted vector
+// containing the underlying SSL/TLS cipher suites. Unrecognized/invalid
+// cipher suites will be ignored.
+std::vector<uint16> ParseCipherSuites(
+ const std::vector<std::string>& cipher_strings) {
+ std::vector<uint16> cipher_suites;
+ cipher_suites.reserve(cipher_strings.size());
+
+ for (std::vector<std::string>::const_iterator it = cipher_strings.begin();
+ it != cipher_strings.end(); ++it) {
+ uint16 cipher_suite = 0;
+ if (!net::ParseSSLCipherString(*it, &cipher_suite)) {
+ LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: "
+ << cipher_suite;
+ continue;
+ }
+ cipher_suites.push_back(cipher_suite);
+ }
+ std::sort(cipher_suites.begin(), cipher_suites.end());
+ return cipher_suites;
+}
+
+} // namespace
+
////////////////////////////////////////////////////////////////////////////////
// SSLConfigServicePref
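Review bot: The LOG(ERROR) in ParseCipherSuites prints the wrong thing: when net::ParseSSLCipherString fails, the message streams `cipher_suite`, which is the uint16 still holding the 0 it was initialised with (or whatever the parser left there — nothing visible here defines that), so the log says "cipher suite: 0" instead of naming the rejected entry, which is what someone debugging a mistyped preference or command-line value needs to see. The fix is to stream the input string, `<< *it;`, on the line after the message. Since this list can arrive from a preference or the command line, a silently-dropped entry means the cipher suite the operator meant to disable stays enabled, so the log line is the only signal that the configuration did not take effect and it should identify the entry precisely.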
@@ -81,11 +129,20 @@ class SSLConfigServiceManagerPref
// only be called from UI thread.
void GetSSLConfigFromPrefs(net::SSLConfig* config);
+ // Processes changes to the disabled cipher suites preference, updating the
+ // cached list of parsed SSL/TLS cipher suites that are disabled.
+ void OnDisabledCipherSuitesChange(PrefService* prefs);
+
+ PrefChangeRegistrar pref_change_registrar_;
+
// The prefs (should only be accessed from UI thread)
BooleanPrefMember rev_checking_enabled_;
BooleanPrefMember ssl3_enabled_;
BooleanPrefMember tls1_enabled_;
+ // The cached list of disabled SSL cipher suites.
+ std::vector<uint16> disabled_cipher_suites_;
+
scoped_refptr<SSLConfigServicePref> ssl_config_service_;
DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
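Review bot: The comment on `disabled_cipher_suites_` should record the two properties the rest of the change relies on: the vector is held sorted (ParseCipherSuites sorts before returning it), and, like the pref members declared just above it, it is written and read only from the UI thread (assigned in OnDisabledCipherSuitesChange, copied in GetSSLConfigFromPrefs, whose own comment says UI thread only). Something like `// The cached list of disabled SSL cipher suites, kept sorted. UI thread only.` would let a later consumer of SSLConfig::disabled_cipher_suites know whether a binary search or set-style comparison is safe. The class body starts before this hunk.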
@@ -102,7 +159,10 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
local_state, this);
ssl3_enabled_.Init(prefs::kSSL3Enabled, local_state, this);
tls1_enabled_.Init(prefs::kTLS1Enabled, local_state, this);
+ pref_change_registrar_.Init(local_state);
+ pref_change_registrar_.Add(prefs::kCipherSuiteBlacklist, this);
+ OnDisabledCipherSuitesChange(local_state);
// Initialize from UI thread. This is okay as there shouldn't be anything on
// the IO thread trying to access it yet.
GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_);
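Review bot: The call `OnDisabledCipherSuitesChange(local_state);` has an ordering dependency that is not stated: it must run before `GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_)` on the next visible line, otherwise the initial cached_config_ handed to the IO thread carries an empty disabled list until the first pref change arrives. A one-line comment above it, `// Must precede GetSSLConfigFromPrefs below so the initial cached config carries the parsed blacklist.`, would stop a future reorder from silently re-enabling the blacklisted suites at startup. The constructor begins before this hunk.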
@@ -123,6 +183,9 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefService* prefs) {
prefs->RegisterBooleanPref(prefs::kTLS1Enabled,
default_config.tls1_enabled);
}
+ if (!prefs->FindPreference(prefs::kCipherSuiteBlacklist)) {
+ prefs->RegisterListPref(prefs::kCipherSuiteBlacklist);
+ }
}
net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
@@ -132,6 +195,14 @@ net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
void SSLConfigServiceManagerPref::Observe(int type,
const NotificationSource& source,
const NotificationDetails& details) {
+ if (type == chrome::NOTIFICATION_PREF_CHANGED) {
+ std::string* pref_name_in = Details<std::string>(details).ptr();
+ PrefService* prefs = Source<PrefService>(source).ptr();
+ DCHECK(pref_name_in && prefs);
+ if (*pref_name_in == prefs::kCipherSuiteBlacklist)
+ OnDisabledCipherSuitesChange(prefs);
+ }
+
base::Thread* io_thread = g_browser_process->io_thread();
if (io_thread) {
net::SSLConfig new_config;
@@ -153,9 +224,18 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
config->rev_checking_enabled = rev_checking_enabled_.GetValue();
config->ssl3_enabled = ssl3_enabled_.GetValue();
config->tls1_enabled = tls1_enabled_.GetValue();
+ config->disabled_cipher_suites =
+ disabled_cipher_suites_;
battre 2011/07/20 11:16:30 nit: single line
SSLConfigServicePref::SetSSLConfigFlags(config);
}
+void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
+ PrefService* prefs) {
+ const ListValue* value = prefs->GetList(prefs::kCipherSuiteBlacklist);
+ disabled_cipher_suites_ = ParseCipherSuites(
+ ListValueToStringVector(value));
battre 2011/07/20 11:16:30 nit: single line?
+}
+
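Review bot: OnDisabledCipherSuitesChange passes the result of `prefs->GetList(prefs::kCipherSuiteBlacklist)` straight into ListValueToStringVector, which dereferences it unconditionally in `value->GetSize()`; if PrefService::GetList can return NULL for an unregistered or wrongly typed pref (I believe it does, after a NOTREACHED), that is a null dereference in release builds. A guard such as `if (!value) { disabled_cipher_suites_.clear(); return; }` before the parse keeps the cached list consistent with the pref rather than leaving a stale blacklist in place. GetSSLConfigFromPrefs, the other function touched by this hunk, begins before the hunk.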
////////////////////////////////////////////////////////////////////////////////
// SSLConfigServiceManager