Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1112)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1052743003: Move RC4 behind a fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« net/socket/ssl_client_socket_nss.cc ('K') | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_unittest.cc
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index 4b74ca0b93dd6caa20495c7efd8614df05c70f16..63f87423442bce3d86f210dff1016c79f89ebbc7 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2875,6 +2875,74 @@ TEST_F(SSLClientSocketTest, FallbackShardSessionCache) {
SSLConnectionStatusToVersion(ssl_info.connection_status));
}
+// Test that RC4 is only enabled if enable_deprecated_cipher_suites is set.
+TEST_F(SSLClientSocketTest, DeprecatedRC4) {
+ SpawnedTestServer::SSLOptions ssl_options;
+ ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4;
+ ASSERT_TRUE(StartTestServer(ssl_options));
+
+ // Normal handshakes with RC4 do not work.
+ SSLConfig ssl_config;
+ TestCompletionCallback callback;
+ scoped_ptr<StreamSocket> transport(
+ new TCPClientSocket(addr(), &log_, NetLog::Source()));
+ ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+ scoped_ptr<SSLClientSocket> sock(CreateSSLClientSocket(
+ transport.Pass(), test_server()->host_port_pair(), ssl_config));
+ ASSERT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH,
+ callback.GetResult(sock->Connect(callback.callback())));
+
+ // Enabling deprecated ciphers works fine.
+ ssl_config.enable_deprecated_cipher_suites = true;
+ transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+ ASSERT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+ sock = CreateSSLClientSocket(transport.Pass(),
+ test_server()->host_port_pair(), ssl_config);
+ ASSERT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+}
+
+// Tests that enabling deprecated ciphers shards the session cache.
+TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) {
+ SpawnedTestServer::SSLOptions ssl_options;
+ ASSERT_TRUE(StartTestServer(ssl_options));
+
+ // Prepare a normal and deprecated SSL config.
+ SSLConfig ssl_config;
+ SSLConfig deprecated_ssl_config;
+ deprecated_ssl_config.enable_deprecated_cipher_suites = true;
+
+ // Connect with deprecated ciphers enabled to warm the session cache cache.
+ TestCompletionCallback callback;
+ scoped_ptr<StreamSocket> transport(
+ new TCPClientSocket(addr(), &log_, NetLog::Source()));
+ EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+ scoped_ptr<SSLClientSocket> sock(
+ CreateSSLClientSocket(transport.Pass(), test_server()->host_port_pair(),
+ deprecated_ssl_config));
+ EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+ SSLInfo ssl_info;
+ EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+ EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+
+ // Test that re-connecting with deprecated ciphers enabled still resumes.
+ transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+ EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+ sock = CreateSSLClientSocket(
+ transport.Pass(), test_server()->host_port_pair(), deprecated_ssl_config);
+ EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+ EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+ EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
+
+ // However, a normal connection needs a full handshake.
+ transport.reset(new TCPClientSocket(addr(), &log_, NetLog::Source()));
+ EXPECT_EQ(OK, callback.GetResult(transport->Connect(callback.callback())));
+ sock = CreateSSLClientSocket(transport.Pass(),
+ test_server()->host_port_pair(), ssl_config);
+ EXPECT_EQ(OK, callback.GetResult(sock->Connect(callback.callback())));
+ EXPECT_TRUE(sock->GetSSLInfo(&ssl_info));
+ EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
+}
+
TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) {
if (!SupportsAESGCM()) {
LOG(WARNING) << "Skipping test because AES-GCM is not supported.";
« net/socket/ssl_client_socket_nss.cc ('K') | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698