net/http/http_network_transaction.cc - Issue 1052743003: Move RC4 behind a fallback.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/http/http_network_transaction.cc

Issue 1052743003: Move RC4 behind a fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 5 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: net/http/http_network_transaction.cc

diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc

index 151776832719702e212e131589036d2cc5316323..4af4cd649b70b22161fceaf83a7f6ba6993b2e51 100644

--- a/net/http/http_network_transaction.cc

+++ b/net/http/http_network_transaction.cc

@@ -106,6 +106,15 @@ base::Value* NetLogSSLVersionFallbackCallback(

return dict;

}

+base::Value* NetLogSSLCipherFallbackCallback(const GURL* url,

+ int net_error,

+ NetLog::LogLevel /* log_level */) {

+ base::DictionaryValue* dict = new base::DictionaryValue();

+ dict->SetString("host_and_port", GetHostAndPort(*url));

+ dict->SetInteger("net_error", net_error);

+ return dict;

} // namespace

//-----------------------------------------------------------------------------

@@ -1240,6 +1249,21 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {

DCHECK(request_);

HandleClientAuthError(error);

+ // Accept deprecated cipher suites, but only on a fallback. This makes UMA

+ // reflect servers require a deprecated cipher rather than merely prefer

+ // it. This, however, has no security benefit until the ciphers are actually

+ // removed.

+ if (!server_ssl_config_.enable_deprecated_cipher_suites &&

+ (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH ||

+ error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) {

davidben 2015/04/01 22:22:59 This matches the set of error codes Mozilla uses.

+ net_log_.AddEvent(

+ NetLog::TYPE_SSL_CIPHER_FALLBACK,

+ base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error));

+ server_ssl_config_.enable_deprecated_cipher_suites = true;

+ ResetConnectionAndRequestForResend();

+ return OK;

+ }

bool should_fallback = false;

uint16 version_max = server_ssl_config_.version_max;