
Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1052743003: Move RC4 behind a fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 8 months ago
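--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include "base/callback_helpers.h"
 #include "base/memory/ref_counted.h"
 #include "base/run_loop.h"
 #include "base/time/time.h"
@@ -2868,20 +2868,88 @@
 EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
 sock = CreateSSLClientSocket(
 transport.Pass(), test_server()->host_port_pair(), fallback_ssl_config);
 EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
 EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
 SSLConnectionStatusToVersion(ssl_info.connection_status));
 }
 
+// Test that RC4 is only enabled if enable_deprecated_cipher_suites is set.
+TEST_F(SSLClientSocketTest, DeprecatedRC4) {
+SpawnedTestServer::SSLOptions ssl_options;
+ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4;
+ASSERT_TRUE(StartTestServer(ssl_options));
+
+// Normal handshakes with RC4 do not work.
+SSLConfig ssl_config;
+TestCompletionCallback callback;
+scoped_ptr<StreamSocket> transport(
+new TCPClientSocket(addr(), &log_, NetLog::Source()));
+ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+transport.Pass(), test_server()->host_port_pair(), ssl_config));
+ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH,
+callback.GetResult(sock->Connect(callback.callback())));
+
+// Enabling deprecated ciphers works fine.
+ssl_config.enable_deprecated_cipher_suites = true;
+transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+sock = CreateSSLClientSocket(transport.Pass(),
+test_server()->host_port_pair(), ssl_config);
+ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+}
+
+// Tests that enabling deprecated ciphers shards the session cache.
+TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) {
+SpawnedTestServer::SSLOptions ssl_options;
+ASSERT_TRUE(StartTestServer(ssl_options));
+
+// Prepare a normal and deprecated SSL config.
+SSLConfig ssl_config;
+SSLConfig deprecated_ssl_config;
+deprecated_ssl_config.enable_deprecated_cipher_suites = true;
+
+// Connect with deprecated ciphers enabled to warm the session cache cache.
+TestCompletionCallback callback;
+scoped_ptr<StreamSocket> transport(
+new TCPClientSocket(addr(), &log_, NetLog::Source()));
+EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+scoped_ptr<SSLClientSocket> sock(
+CreateSSLClientSocket(transport.Pass(), test_server()->host_port_pair(),
+deprecated_ssl_config));
+EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+SSLInfo ssl_info;
+EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+
+// Test that re-connecting with deprecated ciphers enabled still resumes.
+transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+sock = CreateSSLClientSocket(
+transport.Pass(), test_server()->host_port_pair(), deprecated_ssl_config);
+EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
+
+// However, a normal connection needs a full handshake.
+transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+sock = CreateSSLClientSocket(transport.Pass(),
+test_server()->host_port_pair(), ssl_config);
+EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+}
+
 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
 if (!SupportsAESGCM()) {
 LOG(WARNING) << "Skipping test because AES-GCM is not supported.";
 return;
 }
 
 // False Start requires NPN/ALPN, perfect forward secrecy, and an AEAD.
 SpawnedTestServer::SSLOptions server_options;
 server_options.key_exchanges =
 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
@@ -3099,10 +3167,10 @@
 ssl_config.channel_id_enabled = true;
 
 int rv;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 
 EXPECT_EQ(ERR_UNEXPECTED, rv);
 EXPECT_FALSE(sock_->IsConnected());
 }
 
 } // namespace net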
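Review bot: DeprecatedShardSessionCache starts the server with default `ssl_options`, so the cached session is presumably not an RC4 session, and the test checks the split in one order only (deprecated config first, then normal). What the sharding guards against is a session negotiated with a deprecated cipher being resumed by a connection that did not opt in, and the test comment should say so, e.g. `// A session negotiated with deprecated ciphers enabled must never be resumed by a config that did not enable them.` Consider also asserting the reverse order: warm the cache with `ssl_config`, then expect `SSLInfo::HANDSHAKE_FULL` when connecting with `deprecated_ssl_config`. The connect results in this test use `EXPECT_EQ(OK, ...)` while DeprecatedRC4 uses `ASSERT_EQ`; with EXPECT a failed connect falls through to `GetSSLInfo` and the handshake-type checks, so `ASSERT_EQ` would give a cleaner failure. The comment "warm the session cache cache" has a duplicated word.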