Issue 1052743003: Move RC4 behind a fallback.

Issue 1052743003: Move RC4 behind a fallback. (Closed)

Created:
5 years, 8 months ago by davidben

Modified:
5 years, 8 months ago

Reviewers:
agl, Ilya Sherman, Ryan Sleevi

CC:
chromium-reviews, cbentzel+watch_chromium.org, eroman, mmenke

Base URL:
https://chromium.googlesource.com/chromium/src.git@master

Target Ref:
refs/pending/heads/master

Project:
chromium

Visibility:
Public.

More Reviews

Description

Move RC4 behind a fallback. This is to start gathering better metrics on which servers require RC4. Many servers which prefer RC4 will still accept another cipher suite. Moving it behind a fallback will make our cipher suite metrics reflect roughly servers which require it and not only those which prefer it. Note that this sort of fallback provides NO security benefit. If a server prefers a non-RC4 cipher, they already securely negotiate it whether or not the client offers RC4. If a server prefers RC4, this kind of fallback does nothing to prevent an attacker from switching the connection to RC4. This is purely for measurement. BUG=375342 Committed: https://crrev.com/a4c9d060fa6e74b6513b198064cfe7b06482d404 Cr-Commit-Position: refs/heads/master@{#323837}

Patch Set 1 #

Patch Set 2 : #

Total comments: 5

Patch Set 3 : Make test not a no-op #

Total comments: 4

Patch Set 4 : sleevi comments #

Total comments: 2

Patch Set 5 : agl comment #

Created: 5 years, 8 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+235 lines, -19 lines)			Patch
M	net/http/http_network_transaction.cc	View	1	2 chunks	+24 lines, -0 lines	0 comments	Download
M	net/http/http_stream_factory_impl_job.cc	View	1 2 3	1 chunk	+3 lines, -0 lines	0 comments	Download
M	net/log/net_log_event_type_list.h	View	1 2 3	1 chunk	+9 lines, -0 lines	0 comments	Download
M	net/socket/client_socket_pool_manager.cc	View	1 2 3 4	1 chunk	+4 lines, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket_nss.cc	View	1 2 3	2 chunks	+17 lines, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket_openssl.cc	View	1	2 chunks	+7 lines, -0 lines	0 comments	Download
M	net/socket/ssl_client_socket_unittest.cc	View	1 2 3	3 chunks	+109 lines, -19 lines	0 comments	Download
M	net/ssl/ssl_config.h	View	1	1 chunk	+3 lines, -0 lines	0 comments	Download
M	net/ssl/ssl_config.cc	View		1 chunk	+1 line, -0 lines	0 comments	Download
M	net/url_request/url_request_unittest.cc	View	1 2 3	1 chunk	+44 lines, -0 lines	0 comments	Download
M	tools/metrics/histograms/histograms.xml	View		2 chunks	+14 lines, -0 lines	0 comments	Download

Messages

Total messages: 15 (4 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

davidben

Just doing the fallback on this iteration, no UI degradation, so we can get UMA ...

5 years, 8 months ago (2015-04-01 22:22:59 UTC) #2

Ryan Sleevi

LGTM % test nits https://codereview.chromium.org/1052743003/diff/40001/net/socket/ssl_client_socket_unittest.cc File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/1052743003/diff/40001/net/socket/ssl_client_socket_unittest.cc#newcode2937 net/socket/ssl_client_socket_unittest.cc:2937: // However, a normal connection ...

5 years, 8 months ago (2015-04-02 06:32:06 UTC) #3

davidben

+isherman for histograms.xml https://codereview.chromium.org/1052743003/diff/40001/net/socket/ssl_client_socket_unittest.cc File net/socket/ssl_client_socket_unittest.cc (right): https://codereview.chromium.org/1052743003/diff/40001/net/socket/ssl_client_socket_unittest.cc#newcode2937 net/socket/ssl_client_socket_unittest.cc:2937: // However, a normal connection needs ...

5 years, 8 months ago (2015-04-03 19:58:26 UTC) #5

Ilya Sherman

https://codereview.chromium.org/1052743003/diff/60001/tools/metrics/histograms/histograms.xml File tools/metrics/histograms/histograms.xml (right): https://codereview.chromium.org/1052743003/diff/60001/tools/metrics/histograms/histograms.xml#newcode46106 tools/metrics/histograms/histograms.xml:46106: + <int value="1" label="Deprecated ciphers enabled"/> Hmm, this doesn't ...

5 years, 8 months ago (2015-04-03 20:57:58 UTC) #6

davidben

5 years, 8 months ago (2015-04-03 21:03:43 UTC) #7

agl

LGTM https://codereview.chromium.org/1052743003/diff/20001/net/socket/client_socket_pool_manager.cc File net/socket/client_socket_pool_manager.cc (right): https://codereview.chromium.org/1052743003/diff/20001/net/socket/client_socket_pool_manager.cc#newcode155 net/socket/client_socket_pool_manager.cc:155: prefix += "deprecated/"; "deprecated" is a rather generic ...

5 years, 8 months ago (2015-04-03 21:06:17 UTC) #8

davidben

https://codereview.chromium.org/1052743003/diff/20001/net/socket/client_socket_pool_manager.cc File net/socket/client_socket_pool_manager.cc (right): https://codereview.chromium.org/1052743003/diff/20001/net/socket/client_socket_pool_manager.cc#newcode155 net/socket/client_socket_pool_manager.cc:155: prefix += "deprecated/"; On 2015/04/03 21:06:17, agl wrote: > ...

5 years, 8 months ago (2015-04-03 21:10:00 UTC) #9

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/1052743003/80001

5 years, 8 months ago (2015-04-03 21:24:00 UTC) #13

commit-bot: I haz the power

5 years, 8 months ago (2015-04-03 22:35:33 UTC) #15

Message was sent while issue was closed.

Patchset 5 (id:??) landed as
https://crrev.com/a4c9d060fa6e74b6513b198064cfe7b06482d404
Cr-Commit-Position: refs/heads/master@{#323837}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages