| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived | 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived |
| 6 // from AuthCertificateCallback() in | 6 // from AuthCertificateCallback() in |
| 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. | 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. |
| 8 | 8 |
| 9 /* ***** BEGIN LICENSE BLOCK ***** | 9 /* ***** BEGIN LICENSE BLOCK ***** |
| 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 | 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 |
| 2754 | 2754 |
| 2755 SSLVersionRange version_range; | 2755 SSLVersionRange version_range; |
| 2756 version_range.min = ssl_config_.version_min; | 2756 version_range.min = ssl_config_.version_min; |
| 2757 version_range.max = ssl_config_.version_max; | 2757 version_range.max = ssl_config_.version_max; |
| 2758 rv = SSL_VersionRangeSet(nss_fd_, &version_range); | 2758 rv = SSL_VersionRangeSet(nss_fd_, &version_range); |
| 2759 if (rv != SECSuccess) { | 2759 if (rv != SECSuccess) { |
| 2760 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); | 2760 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); |
| 2761 return ERR_NO_SSL_VERSIONS_ENABLED; | 2761 return ERR_NO_SSL_VERSIONS_ENABLED; |
| 2762 } | 2762 } |
| 2763 | 2763 |
| 2764 if (ssl_config_.require_ecdhe) { |
| 2765 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); |
| 2766 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); |
| 2767 |
| 2768 // Iterate over the cipher suites and disable those that don't use ECDHE. |
| 2769 for (unsigned i = 0; i < num_ciphers; i++) { |
| 2770 SSLCipherSuiteInfo info; |
| 2771 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) == |
| 2772 SECSuccess) { |
| 2773 if (strcmp(info.keaTypeName, "ECDHE") != 0) { |
| 2774 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); |
| 2775 } |
| 2776 } |
| 2777 } |
| 2778 } |
| 2779 |
| 2764 if (ssl_config_.version_fallback) { | 2780 if (ssl_config_.version_fallback) { |
| 2765 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE); | 2781 rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE); |
| 2766 if (rv != SECSuccess) { | 2782 if (rv != SECSuccess) { |
| 2767 LogFailedNSSFunction( | 2783 LogFailedNSSFunction( |
| 2768 net_log_, "SSL_OptionSet", "SSL_ENABLE_FALLBACK_SCSV"); | 2784 net_log_, "SSL_OptionSet", "SSL_ENABLE_FALLBACK_SCSV"); |
| 2769 } | 2785 } |
| 2770 } | 2786 } |
| 2771 | 2787 |
| 2772 for (std::vector<uint16>::const_iterator it = | 2788 for (std::vector<uint16>::const_iterator it = |
| 2773 ssl_config_.disabled_cipher_suites.begin(); | 2789 ssl_config_.disabled_cipher_suites.begin(); |
| 3179 return channel_id_service_; | 3195 return channel_id_service_; |
| 3180 } | 3196 } |
| 3181 | 3197 |
| 3182 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { | 3198 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { |
| 3183 if (completed_handshake_) | 3199 if (completed_handshake_) |
| 3184 return SSL_FAILURE_NONE; | 3200 return SSL_FAILURE_NONE; |
| 3185 return SSL_FAILURE_UNKNOWN; | 3201 return SSL_FAILURE_UNKNOWN; |
| 3186 } | 3202 } |
| 3187 | 3203 |
| 3188 } // namespace net | 3204 } // namespace net |
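Review bot: The new `require_ecdhe` loop (new lines 2764–2778) fails open: a suite for which `SSL_GetCipherSuiteInfo` returns anything but `SECSuccess` is skipped and therefore left at whatever preference it already has, and the return value of `SSL_CipherPrefSet` on new line 2774 is dropped, so a non-ECDHE suite can stay enabled with no trace in the net log even though the option is meant as a hard requirement. This is inconsistent with the rest of the function, which checks `rv` and reports through `LogFailedNSSFunction` for `SSL_VersionRangeSet` and `SSL_ENABLE_FALLBACK_SCSV`. I would disable the suite whenever it cannot be positively identified as ECDHE and log a failed `SSL_CipherPrefSet`; whether a failure should also abort the connection (as the version-range failure does) depends on how strict callers expect `require_ecdhe` to be, which is not visible here. The enclosing function starts and ends outside this hunk, so I cannot tell whether anything later re-enables suites after this loop; if it does, the ordering needs a comment or the loop should move after it.
```cpp
    // Iterate over the cipher suites and disable those that don't use ECDHE.
    for (unsigned i = 0; i < num_ciphers; i++) {
      SSLCipherSuiteInfo info;
      // Fail closed: a suite whose info cannot be read is treated as non-ECDHE.
      const bool is_ecdhe =
          SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) ==
              SECSuccess &&
          strcmp(info.keaTypeName, "ECDHE") == 0;
      if (!is_ecdhe) {
        rv = SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
        if (rv != SECSuccess)
          LogFailedNSSFunction(net_log_, "SSL_CipherPrefSet", "require_ecdhe");
      }
    }
```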