| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
| 6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
| 7 | 7 |
| 8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
| 9 | 9 |
| 10 #include <errno.h> | 10 #include <errno.h> |
| 793 } | 793 } |
| 794 if (disable) { | 794 if (disable) { |
| 795 const char* name = SSL_CIPHER_get_name(cipher); | 795 const char* name = SSL_CIPHER_get_name(cipher); |
| 796 DVLOG(3) << "Found cipher to remove: '" << name << "', ID: " << id | 796 DVLOG(3) << "Found cipher to remove: '" << name << "', ID: " << id |
| 797 << " strength: " << SSL_CIPHER_get_bits(cipher, NULL); | 797 << " strength: " << SSL_CIPHER_get_bits(cipher, NULL); |
| 798 command.append(":!"); | 798 command.append(":!"); |
| 799 command.append(name); | 799 command.append(name); |
| 800 } | 800 } |
| 801 } | 801 } |
| 802 | 802 |
| 803 if (!ssl_config_.enable_deprecated_cipher_suites) |
| 804 command.append(":!RC4"); |
| 805 |
| 803 // Disable ECDSA cipher suites on platforms that do not support ECDSA | 806 // Disable ECDSA cipher suites on platforms that do not support ECDSA |
| 804 // signed certificates, as servers may use the presence of such | 807 // signed certificates, as servers may use the presence of such |
| 805 // ciphersuites as a hint to send an ECDSA certificate. | 808 // ciphersuites as a hint to send an ECDSA certificate. |
| 806 #if defined(OS_WIN) | 809 #if defined(OS_WIN) |
| 807 if (base::win::GetVersion() < base::win::VERSION_VISTA) | 810 if (base::win::GetVersion() < base::win::VERSION_VISTA) |
| 808 command.append(":!ECDSA"); | 811 command.append(":!ECDSA"); |
| 809 #endif | 812 #endif |
| 810 | 813 |
| 811 int rv = SSL_set_cipher_list(ssl_, command.c_str()); | 814 int rv = SSL_set_cipher_list(ssl_, command.c_str()); |
| 812 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL. | 815 // If this fails (rv = 0) it means there are no ciphers enabled on this SSL. |
| 1938 case SSL_PROTOCOL_VERSION_TLS1_1: | 1941 case SSL_PROTOCOL_VERSION_TLS1_1: |
| 1939 result.append("tls1.1"); | 1942 result.append("tls1.1"); |
| 1940 break; | 1943 break; |
| 1941 case SSL_PROTOCOL_VERSION_TLS1_2: | 1944 case SSL_PROTOCOL_VERSION_TLS1_2: |
| 1942 result.append("tls1.2"); | 1945 result.append("tls1.2"); |
| 1943 break; | 1946 break; |
| 1944 default: | 1947 default: |
| 1945 NOTREACHED(); | 1948 NOTREACHED(); |
| 1946 } | 1949 } |
| 1947 | 1950 |
| 1951 result.append("/"); |
| 1952 if (ssl_config_.enable_deprecated_cipher_suites) |
| 1953 result.append("deprecated"); |
| 1954 |
| 1948 return result; | 1955 return result; |
| 1949 } | 1956 } |
| 1950 | 1957 |
| 1951 scoped_refptr<X509Certificate> | 1958 scoped_refptr<X509Certificate> |
| 1952 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { | 1959 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { |
| 1953 return server_cert_; | 1960 return server_cert_; |
| 1954 } | 1961 } |
| 1955 | 1962 |
| 1956 } // namespace net | 1963 } // namespace net |
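Review bot: The new `result.append("/")` and optional `result.append("deprecated")` just before `return result;` carry no comment saying why `ssl_config_.enable_deprecated_cipher_suites` belongs in this string. The function starts outside the visible lines, so from this hunk alone a reader cannot tell that this is presumably a session-cache partitioning decision tied to the `:!RC4` change earlier in the file. If that is the intent, a comment such as `// Key sessions by the deprecated-cipher setting so an RC4 session from a fallback connection is never offered for resumption where RC4 is disabled.` would record the security reason and keep a later cleanup from dropping the segment. The same comment should mention that the non-deprecated case produces an empty final segment after the slash, so the two forms differ only by that suffix.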