| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/memory/ref_counted.h" | 8 #include "base/memory/ref_counted.h" |
| 9 #include "base/run_loop.h" | 9 #include "base/run_loop.h" |
| 10 #include "base/time/time.h" | 10 #include "base/time/time.h" |
| 2196 if (rv == ERR_IO_PENDING) | 2196 if (rv == ERR_IO_PENDING) |
| 2197 rv = callback.WaitForResult(); | 2197 rv = callback.WaitForResult(); |
| 2198 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); | 2198 EXPECT_EQ(ERR_SSL_PROTOCOL_ERROR, rv); |
| 2199 } | 2199 } |
| 2200 | 2200 |
| 2201 TEST_F(SSLClientSocketTest, CipherSuiteDisables) { | 2201 TEST_F(SSLClientSocketTest, CipherSuiteDisables) { |
| 2202 // Rather than exhaustively disabling every RC4 ciphersuite defined at | 2202 // Rather than exhaustively disabling every RC4 ciphersuite defined at |
| 2203 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, | 2203 // http://www.iana.org/assignments/tls-parameters/tls-parameters.xml, |
| 2204 // only disabling those cipher suites that the test server actually | 2204 // only disabling those cipher suites that the test server actually |
| 2205 // implements. | 2205 // implements. |
| 2206 const uint16 kCiphersToDisable[] = { | 2206 const uint16 kCiphersToDisable[] = {0x0005, // TLS_RSA_WITH_RC4_128_SHA |
| 2207 0x0005, // TLS_RSA_WITH_RC4_128_SHA | |
| 2208 0xc011, // TLS_ECDHE_RSA_WITH_RC4_128_SHA | |
| 2209 }; | 2207 }; |
| 2210 | 2208 |
| 2211 SpawnedTestServer::SSLOptions ssl_options; | 2209 SpawnedTestServer::SSLOptions ssl_options; |
| 2212 // Enable only RC4 on the test server. | 2210 // Enable only RC4 on the test server. |
| 2213 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; | 2211 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; |
| 2214 SpawnedTestServer test_server( | 2212 SpawnedTestServer test_server( |
| 2215 SpawnedTestServer::TYPE_HTTPS, ssl_options, base::FilePath()); | 2213 SpawnedTestServer::TYPE_HTTPS, ssl_options, base::FilePath()); |
| 2216 ASSERT_TRUE(test_server.Start()); | 2214 ASSERT_TRUE(test_server.Start()); |
| 2217 | 2215 |
| 2218 AddressList addr; | 2216 AddressList addr; |
| 2876 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, | 2874 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, |
| 2877 SSLConnectionStatusToVersion(ssl_info.connection_status)); | 2875 SSLConnectionStatusToVersion(ssl_info.connection_status)); |
| 2878 } | 2876 } |
| 2879 | 2877 |
| 2880 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { | 2878 TEST_F(SSLClientSocketFalseStartTest, FalseStartEnabled) { |
| 2881 if (!SupportsAESGCM()) { | 2879 if (!SupportsAESGCM()) { |
| 2882 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2880 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
| 2883 return; | 2881 return; |
| 2884 } | 2882 } |
| 2885 | 2883 |
| 2886 // False Start requires NPN/ALPN, ECDHE, and an AEAD. | 2884 // False Start requires NPN/ALPN, perfect forward secrecy, and an AEAD. |
| 2887 SpawnedTestServer::SSLOptions server_options; | 2885 SpawnedTestServer::SSLOptions server_options; |
| 2888 server_options.key_exchanges = | 2886 server_options.key_exchanges = |
| 2889 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2887 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2890 server_options.bulk_ciphers = | 2888 server_options.bulk_ciphers = |
| 2891 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2889 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2892 server_options.enable_npn = true; | 2890 server_options.enable_npn = true; |
| 2893 SSLConfig client_config; | 2891 SSLConfig client_config; |
| 2894 client_config.next_protos.push_back(kProtoHTTP11); | 2892 client_config.next_protos.push_back(kProtoHTTP11); |
| 2895 ASSERT_NO_FATAL_FAILURE( | 2893 ASSERT_NO_FATAL_FAILURE( |
| 2896 TestFalseStart(server_options, client_config, true)); | 2894 TestFalseStart(server_options, client_config, true)); |
| 2897 } | 2895 } |
| 2898 | 2896 |
| 2899 // Test that False Start is disabled without NPN. | 2897 // Test that False Start is disabled without NPN. |
| 2900 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { | 2898 TEST_F(SSLClientSocketFalseStartTest, NoNPN) { |
| 2901 if (!SupportsAESGCM()) { | 2899 if (!SupportsAESGCM()) { |
| 2902 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2900 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
| 2903 return; | 2901 return; |
| 2904 } | 2902 } |
| 2905 | 2903 |
| 2906 SpawnedTestServer::SSLOptions server_options; | 2904 SpawnedTestServer::SSLOptions server_options; |
| 2907 server_options.key_exchanges = | 2905 server_options.key_exchanges = |
| 2908 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2906 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2909 server_options.bulk_ciphers = | 2907 server_options.bulk_ciphers = |
| 2910 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2908 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2911 SSLConfig client_config; | 2909 SSLConfig client_config; |
| 2912 client_config.next_protos.clear(); | 2910 client_config.next_protos.clear(); |
| 2913 ASSERT_NO_FATAL_FAILURE( | 2911 ASSERT_NO_FATAL_FAILURE( |
| 2914 TestFalseStart(server_options, client_config, false)); | 2912 TestFalseStart(server_options, client_config, false)); |
| 2915 } | 2913 } |
| 2916 | 2914 |
| 2917 // Test that False Start is disabled with plain RSA ciphers. | 2915 // Test that False Start is disabled without perfect forward secrecy. |
| 2918 TEST_F(SSLClientSocketFalseStartTest, RSA) { | 2916 TEST_F(SSLClientSocketFalseStartTest, NoForwardSecrecy) { |
| 2919 if (!SupportsAESGCM()) { | 2917 if (!SupportsAESGCM()) { |
| 2920 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2918 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
| 2921 return; | 2919 return; |
| 2922 } | 2920 } |
| 2923 | 2921 |
| 2924 SpawnedTestServer::SSLOptions server_options; | 2922 SpawnedTestServer::SSLOptions server_options; |
| 2925 server_options.key_exchanges = | 2923 server_options.key_exchanges = |
| 2926 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; | 2924 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_RSA; |
| 2927 server_options.bulk_ciphers = | 2925 server_options.bulk_ciphers = |
| 2928 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2926 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2929 server_options.enable_npn = true; | 2927 server_options.enable_npn = true; |
| 2930 SSLConfig client_config; | 2928 SSLConfig client_config; |
| 2931 client_config.next_protos.push_back(kProtoHTTP11); | 2929 client_config.next_protos.push_back(kProtoHTTP11); |
| 2932 ASSERT_NO_FATAL_FAILURE( | 2930 ASSERT_NO_FATAL_FAILURE( |
| 2933 TestFalseStart(server_options, client_config, false)); | 2931 TestFalseStart(server_options, client_config, false)); |
| 2934 } | 2932 } |
| 2935 | 2933 |
| 2936 // Test that False Start is disabled with DHE_RSA ciphers. | 2934 // Test that False Start is disabled without an AEAD. |
| 2937 TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) { | 2935 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { |
| 2936 SpawnedTestServer::SSLOptions server_options; |
| 2937 server_options.key_exchanges = |
| 2938 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2939 server_options.bulk_ciphers = |
| 2940 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; |
| 2941 server_options.enable_npn = true; |
| 2942 SSLConfig client_config; |
| 2943 client_config.next_protos.push_back(kProtoHTTP11); |
| 2944 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); |
| 2945 } |
| 2946 |
| 2947 // Test that sessions are resumable after receiving the server Finished message. |
| 2948 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { |
| 2938 if (!SupportsAESGCM()) { | 2949 if (!SupportsAESGCM()) { |
| 2939 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2950 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
| 2940 return; | 2951 return; |
| 2941 } | 2952 } |
| 2942 | 2953 |
| 2954 // Start a server. |
| 2943 SpawnedTestServer::SSLOptions server_options; | 2955 SpawnedTestServer::SSLOptions server_options; |
| 2944 server_options.key_exchanges = | 2956 server_options.key_exchanges = |
| 2945 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; | 2957 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 2946 server_options.bulk_ciphers = | 2958 server_options.bulk_ciphers = |
| 2947 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2959 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 2948 server_options.enable_npn = true; | 2960 server_options.enable_npn = true; |
| 2949 SSLConfig client_config; | 2961 SSLConfig client_config; |
| 2950 client_config.next_protos.push_back(kProtoHTTP11); | 2962 client_config.next_protos.push_back(kProtoHTTP11); |
| 2951 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
| 2952 } | |
| 2953 | |
| 2954 // Test that False Start is disabled without an AEAD. | |
| 2955 TEST_F(SSLClientSocketFalseStartTest, NoAEAD) { | |
| 2956 SpawnedTestServer::SSLOptions server_options; | |
| 2957 server_options.key_exchanges = | |
| 2958 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | |
| 2959 server_options.bulk_ciphers = | |
| 2960 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128; | |
| 2961 server_options.enable_npn = true; | |
| 2962 SSLConfig client_config; | |
| 2963 client_config.next_protos.push_back(kProtoHTTP11); | |
| 2964 ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false)); | |
| 2965 } | |
| 2966 | |
| 2967 // Test that sessions are resumable after receiving the server Finished message. | |
| 2968 TEST_F(SSLClientSocketFalseStartTest, SessionResumption) { | |
| 2969 if (!SupportsAESGCM()) { | |
| 2970 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | |
| 2971 return; | |
| 2972 } | |
| 2973 | |
| 2974 // Start a server. | |
| 2975 SpawnedTestServer::SSLOptions server_options; | |
| 2976 server_options.key_exchanges = | |
| 2977 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | |
| 2978 server_options.bulk_ciphers = | |
| 2979 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | |
| 2980 server_options.enable_npn = true; | |
| 2981 SSLConfig client_config; | |
| 2982 client_config.next_protos.push_back(kProtoHTTP11); | |
| 2983 | 2963 |
| 2984 // Let a full handshake complete with False Start. | 2964 // Let a full handshake complete with False Start. |
| 2985 ASSERT_NO_FATAL_FAILURE( | 2965 ASSERT_NO_FATAL_FAILURE( |
| 2986 TestFalseStart(server_options, client_config, true)); | 2966 TestFalseStart(server_options, client_config, true)); |
| 2987 | 2967 |
| 2988 // Make a second connection. | 2968 // Make a second connection. |
| 2989 TestCompletionCallback callback; | 2969 TestCompletionCallback callback; |
| 2990 scoped_ptr<StreamSocket> transport2( | 2970 scoped_ptr<StreamSocket> transport2( |
| 2991 new TCPClientSocket(addr(), &log_, NetLog::Source())); | 2971 new TCPClientSocket(addr(), &log_, NetLog::Source())); |
| 2992 EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback()))); | 2972 EXPECT_EQ(OK, callback.GetResult(transport2->Connect(callback.callback()))); |
| 3005 // message. | 2985 // message. |
| 3006 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { | 2986 TEST_F(SSLClientSocketFalseStartTest, NoSessionResumptionBeforeFinish) { |
| 3007 if (!SupportsAESGCM()) { | 2987 if (!SupportsAESGCM()) { |
| 3008 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; | 2988 LOG(WARNING) << "Skipping test because AES-GCM is not supported."; |
| 3009 return; | 2989 return; |
| 3010 } | 2990 } |
| 3011 | 2991 |
| 3012 // Start a server. | 2992 // Start a server. |
| 3013 SpawnedTestServer::SSLOptions server_options; | 2993 SpawnedTestServer::SSLOptions server_options; |
| 3014 server_options.key_exchanges = | 2994 server_options.key_exchanges = |
| 3015 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_ECDHE_RSA; | 2995 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA; |
| 3016 server_options.bulk_ciphers = | 2996 server_options.bulk_ciphers = |
| 3017 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; | 2997 SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM; |
| 3018 server_options.enable_npn = true; | 2998 server_options.enable_npn = true; |
| 3019 ASSERT_TRUE(StartTestServer(server_options)); | 2999 ASSERT_TRUE(StartTestServer(server_options)); |
| 3020 | 3000 |
| 3021 SSLConfig client_config; | 3001 SSLConfig client_config; |
| 3022 client_config.next_protos.push_back(kProtoHTTP11); | 3002 client_config.next_protos.push_back(kProtoHTTP11); |
| 3023 | 3003 |
| 3024 // Start a handshake up to the server Finished message. | 3004 // Start a handshake up to the server Finished message. |
| 3025 TestCompletionCallback callback; | 3005 TestCompletionCallback callback; |
| 3119 ssl_config.channel_id_enabled = true; | 3099 ssl_config.channel_id_enabled = true; |
| 3120 | 3100 |
| 3121 int rv; | 3101 int rv; |
| 3122 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 3102 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 3123 | 3103 |
| 3124 EXPECT_EQ(ERR_UNEXPECTED, rv); | 3104 EXPECT_EQ(ERR_UNEXPECTED, rv); |
| 3125 EXPECT_FALSE(sock_->IsConnected()); | 3105 EXPECT_FALSE(sock_->IsConnected()); |
| 3126 } | 3106 } |
| 3127 | 3107 |
| 3128 } // namespace net | 3108 } // namespace net |
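Review bot: After this change the False Start tests (FalseStartEnabled, NoNPN, NoAEAD, SessionResumption, NoSessionResumptionBeforeFinish) exercise DHE_RSA as their only forward-secret key exchange and the renamed NoForwardSecrecy test covers plain RSA, so nothing in the file now asserts that the ECDHE_RSA configuration the old tests used still qualifies for False Start. Presumably ECDHE was dropped because the test server no longer offers it; if so, the comment at new line 2884 should say that instead of the generic wording, e.g. `// False Start requires NPN/ALPN, a forward-secret key exchange (DHE_RSA here; the test server does not offer ECDHE), and an AEAD.` The same dependency is implicit in CipherSuiteDisables, where `kCiphersToDisable` now lists only `0x0005`: that test's ERR_SSL_PROTOCOL_ERROR expectation holds only if the server cannot fall back to TLS_ECDHE_RSA_WITH_RC4_128_SHA (0xc011), and a one-line comment on the array would make that explicit. Since the DHE group size the test server uses is not visible here, confirm it satisfies whatever minimum the client enforces, or the False Start tests will fail at the handshake rather than at the False Start check.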