Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(672)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 1052743003: Move RC4 behind a fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Make test not a no-op Created 5 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/client_socket_pool_manager.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_nss.cc
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 547ab7650c5d74a936805dcf28311c6a62d0603f..13189fb13e842f2d9d68402546b5a05eb691c5ae 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -3223,6 +3223,20 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
}
+ if (!ssl_config_.enable_deprecated_cipher_suites) {
+ const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
+ const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
+ for (int i = 0; i < num_ciphers; i++) {
+ SSLCipherSuiteInfo info;
+ if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) !=
+ SECSuccess) {
+ continue;
+ }
+ if (info.symCipher == ssl_calg_rc4)
+ SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
+ }
+ }
+
// Support RFC 5077
rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_SESSION_TICKETS, PR_TRUE);
if (rv != SECSuccess) {
@@ -3341,6 +3355,9 @@ int SSLClientSocketNSS::InitializeSSLPeerName() {
default:
NOTREACHED();
}
+ peer_id += "/";
+ if (ssl_config_.enable_deprecated_cipher_suites)
+ peer_id += "deprecated";
SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
if (rv != SECSuccess)
« no previous file with comments | « net/socket/client_socket_pool_manager.cc ('k') | net/socket/ssl_client_socket_openssl.cc » ('j') | net/socket/ssl_client_socket_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698