OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_server_socket_nss.h" | 5 #include "net/socket/ssl_server_socket_nss.h" |
6 | 6 |
7 #if defined(OS_WIN) | 7 #if defined(OS_WIN) |
8 #include <winsock2.h> | 8 #include <winsock2.h> |
9 #endif | 9 #endif |
10 | 10 |
342 | 342 |
343 SSLVersionRange version_range; | 343 SSLVersionRange version_range; |
344 version_range.min = ssl_config_.version_min; | 344 version_range.min = ssl_config_.version_min; |
345 version_range.max = ssl_config_.version_max; | 345 version_range.max = ssl_config_.version_max; |
346 rv = SSL_VersionRangeSet(nss_fd_, &version_range); | 346 rv = SSL_VersionRangeSet(nss_fd_, &version_range); |
347 if (rv != SECSuccess) { | 347 if (rv != SECSuccess) { |
348 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); | 348 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); |
349 return ERR_NO_SSL_VERSIONS_ENABLED; | 349 return ERR_NO_SSL_VERSIONS_ENABLED; |
350 } | 350 } |
351 | 351 |
352 if (ssl_config_.require_forward_secrecy) { | 352 if (ssl_config_.require_ecdhe) { |
353 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); | 353 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
354 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); | 354 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
355 | 355 |
356 // Require forward security by iterating over the cipher suites and | 356 // Require forward security by iterating over the cipher suites and |
357 // disabling all those that don't use ECDHE. | 357 // disabling all those that don't use ECDHE. |
358 for (unsigned i = 0; i < num_ciphers; i++) { | 358 for (unsigned i = 0; i < num_ciphers; i++) { |
359 SSLCipherSuiteInfo info; | 359 SSLCipherSuiteInfo info; |
360 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) == | 360 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) == |
361 SECSuccess) { | 361 SECSuccess) { |
362 if (strcmp(info.keaTypeName, "ECDHE") != 0) { | 362 if (strcmp(info.keaTypeName, "ECDHE") != 0) { |
830 // initializes the NSS base library. | 830 // initializes the NSS base library. |
831 EnsureNSSSSLInit(); | 831 EnsureNSSSSLInit(); |
832 if (!NSS_IsInitialized()) | 832 if (!NSS_IsInitialized()) |
833 return ERR_UNEXPECTED; | 833 return ERR_UNEXPECTED; |
834 | 834 |
835 EnableSSLServerSockets(); | 835 EnableSSLServerSockets(); |
836 return OK; | 836 return OK; |
837 } | 837 } |
838 | 838 |
839 } // namespace net | 839 } // namespace net |
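Review bot: The comment at new lines 356-357 still reads "Require forward security by iterating over the cipher suites", which matches the old `require_forward_secrecy` name rather than the renamed `require_ecdhe` check at line 352. It should say what the loop enforces, for example `// Require ECDHE key exchange: disable every cipher suite whose keaTypeName is not "ECDHE".` The comment could also note that any non-ECDHE suite that provides forward secrecy is disabled as well, which is presumably the reason for the rename. Separately, a suite for which `SSL_GetCipherSuiteInfo` does not return `SECSuccess` skips the `strcmp` test at line 362; please confirm it ends up disabled rather than left enabled, since a server that requires ECDHE should fail closed. The loop body continues in the collapsed lines after 362, so the handling of that case is not visible here.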