Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(370)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1052743003: Move RC4 behind a fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: agl comment Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/client_socket_pool_manager.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 3205 matching lines...) Expand 10 before | Expand all | Expand 10 after
3216 } 3216 }
3217 3217
3218 for (std::vector<uint16>::const_iterator it = 3218 for (std::vector<uint16>::const_iterator it =
3219 ssl_config_.disabled_cipher_suites.begin(); 3219 ssl_config_.disabled_cipher_suites.begin();
3220 it != ssl_config_.disabled_cipher_suites.end(); ++it) { 3220 it != ssl_config_.disabled_cipher_suites.end(); ++it) {
3221 // This will fail if the specified cipher is not implemented by NSS, but 3221 // This will fail if the specified cipher is not implemented by NSS, but
3222 // the failure is harmless. 3222 // the failure is harmless.
3223 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); 3223 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
3224 } 3224 }
3225 3225
3226 if (!ssl_config_.enable_deprecated_cipher_suites) {
3227 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
3228 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
3229 for (int i = 0; i < num_ciphers; i++) {
3230 SSLCipherSuiteInfo info;
3231 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) !=
3232 SECSuccess) {
3233 continue;
3234 }
3235 if (info.symCipher == ssl_calg_rc4)
3236 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
3237 }
3238 }
3239
3226 // Support RFC 5077 3240 // Support RFC 5077
3227 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE); 3241 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
3228 if (rv != SECSuccess) { 3242 if (rv != SECSuccess) {
3229 LogFailedNSSFunction( 3243 LogFailedNSSFunction(
3230 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS"); 3244 net_log_, "SSL_OptionSet", "SSL_ENABLE_SESSION_TICKETS");
3231 } 3245 }
3232 3246
3233 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START, 3247 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALSE_START,
3234 ssl_config_.false_start_enabled); 3248 ssl_config_.false_start_enabled);
3235 if (rv != SECSuccess) 3249 if (rv != SECSuccess)
(...skipping 98 matching lines...) Expand 10 before | Expand all | Expand 10 after
3334 break; 3348 break;
3335 case SSL_PROTOCOL_VERSION_TLS1_1: 3349 case SSL_PROTOCOL_VERSION_TLS1_1:
3336 peer_id += "tls1.1"; 3350 peer_id += "tls1.1";
3337 break; 3351 break;
3338 case SSL_PROTOCOL_VERSION_TLS1_2: 3352 case SSL_PROTOCOL_VERSION_TLS1_2:
3339 peer_id += "tls1.2"; 3353 peer_id += "tls1.2";
3340 break; 3354 break;
3341 default: 3355 default:
3342 NOTREACHED(); 3356 NOTREACHED();
3343 } 3357 }
3358 peer_id += "/";
3359 if (ssl_config_.enable_deprecated_cipher_suites)
3360 peer_id += "deprecated";
3344 3361
3345 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); 3362 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
3346 if (rv != SECSuccess) 3363 if (rv != SECSuccess)
3347 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); 3364 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
3348 3365
3349 return OK; 3366 return OK;
3350 } 3367 }
3351 3368
3352 void SSLClientSocketNSS::DoConnectCallback(int rv) { 3369 void SSLClientSocketNSS::DoConnectCallback(int rv) {
3353 EnterFunction(rv); 3370 EnterFunction(rv);
(...skipping 262 matching lines...) Expand 10 before | Expand all | Expand 10 after
3616 scoped_refptr<X509Certificate> 3633 scoped_refptr<X509Certificate>
3617 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const { 3634 SSLClientSocketNSS::GetUnverifiedServerCertificateChain() const {
3618 return core_->state().server_cert.get(); 3635 return core_->state().server_cert.get();
3619 } 3636 }
3620 3637
3621 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const { 3638 ChannelIDService* SSLClientSocketNSS::GetChannelIDService() const {
3622 return channel_id_service_; 3639 return channel_id_service_;
3623 } 3640 }
3624 3641
3625 } // namespace net 3642 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/client_socket_pool_manager.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698