Side by Side Diff: net/socket/ssl_server_socket_openssl.cc

Issue 1139013002: Completely remove SSLv3 support. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 7 months ago
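--- a/net/socket/ssl_server_socket_openssl.cc
+++ b/net/socket/ssl_server_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_server_socket_openssl.h"
 
 #include <openssl/err.h>
 #include <openssl/ssl.h>
 
 #include "base/callback_helpers.h"
@@ -647,45 +647,35 @@
 return ERR_UNEXPECTED;
 }
 #endif // USE_OPENSSL_CERTS
 
 DCHECK(key_->key());
 if (SSL_use_PrivateKey(ssl_, key_->key()) != 1) {
 LOG(ERROR) << "Cannot set private key.";
 return ERR_UNEXPECTED;
 }
 
+DCHECK_LT(SSL3_VERSION, ssl_config_.version_min);
+DCHECK_LT(SSL3_VERSION, ssl_config_.version_max);
+SSL_set_min_version(ssl_, ssl_config_.version_min);
+SSL_set_max_version(ssl_, ssl_config_.version_max);
+
 // OpenSSL defaults some options to on, others to off. To avoid ambiguity,
 // set everything we care about to an absolute value.
 SslSetClearMask options;
-options.ConfigureFlag(SSL_OP_NO_SSLv2, true);
-bool ssl3_enabled = (ssl_config_.version_min == SSL_PROTOCOL_VERSION_SSL3);
-options.ConfigureFlag(SSL_OP_NO_SSLv3, !ssl3_enabled);
-bool tls1_enabled = (ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1 &&
-ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1);
-options.ConfigureFlag(SSL_OP_NO_TLSv1, !tls1_enabled);
-bool tls1_1_enabled =
-(ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1_1 &&
-ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1);
-options.ConfigureFlag(SSL_OP_NO_TLSv1_1, !tls1_1_enabled);
-bool tls1_2_enabled =
-(ssl_config_.version_min <= SSL_PROTOCOL_VERSION_TLS1_2 &&
-ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_2);
-options.ConfigureFlag(SSL_OP_NO_TLSv1_2, !tls1_2_enabled);
-
 options.ConfigureFlag(SSL_OP_NO_COMPRESSION, true);
 
 SSL_set_options(ssl_, options.set_mask);
 SSL_clear_options(ssl_, options.clear_mask);
 
 // Same as above, this time for the SSL mode.
 SslSetClearMask mode;
 
 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true);
 
 SSL_set_mode(ssl_, mode.set_mask);
 SSL_clear_mode(ssl_, mode.clear_mask);
 
 return OK;
 }
 
 } // namespace net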
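Review bot: The return values of `SSL_set_min_version` and `SSL_set_max_version` on new lines 659-660 are discarded, and the two `DCHECK_LT` guards above them compile out in release builds, so a configuration whose version bounds are out of range is neither rejected nor reported, while the `SSL_use_PrivateKey` call a few lines earlier in the same function does check its result and returns `ERR_UNEXPECTED`. In BoringSSL both setters return an int that is 0 when the requested version is not supported (worth confirming against the revision pinned in DEPS), so handling that the same way keeps the check in production instead of debug only. I would also add a comment that passing `ssl_config_.version_min`/`version_max` straight into these calls relies on the `SSL_PROTOCOL_VERSION_*` constants being the OpenSSL wire-format version numbers, since the removed code only ever compared them against each other. The enclosing method starts above the hunk.

```cpp
  DCHECK_LT(SSL3_VERSION, ssl_config_.version_min);
  DCHECK_LT(SSL3_VERSION, ssl_config_.version_max);
  // SSL_PROTOCOL_VERSION_* must equal the OpenSSL wire-format version numbers.
  if (!SSL_set_min_version(ssl_, ssl_config_.version_min) ||
      !SSL_set_max_version(ssl_, ssl_config_.version_max)) {
    LOG(ERROR) << "Cannot set protocol version range.";
    return ERR_UNEXPECTED;
  }
  // … unchanged: option and mode configuration …
```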