Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(558)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/socket/ssl_server_socket_nss.cc

Issue 1191623002: Require ECDHE cipher in remoting client. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_server_socket_nss.h" 5 #include "net/socket/ssl_server_socket_nss.h"
6 6
7 #if defined(OS_WIN) 7 #if defined(OS_WIN)
8 #include <winsock2.h> 8 #include <winsock2.h>
9 #endif 9 #endif
10 10
(...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after
350 rv = SSL_VersionRangeSet(nss_fd_, &version_range); 350 rv = SSL_VersionRangeSet(nss_fd_, &version_range);
351 if (rv != SECSuccess) { 351 if (rv != SECSuccess) {
352 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", ""); 352 LogFailedNSSFunction(net_log_, "SSL_VersionRangeSet", "");
353 return ERR_NO_SSL_VERSIONS_ENABLED; 353 return ERR_NO_SSL_VERSIONS_ENABLED;
354 } 354 }
355 355
356 if (ssl_config_.require_ecdhe) { 356 if (ssl_config_.require_ecdhe) {
357 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); 357 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
358 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); 358 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
359 359
360 // Require forward security by iterating over the cipher suites and 360 // Iterate over the cipher suites and disable those that don't use ECDHE.
361 // disabling all those that don't use ECDHE.
362 for (unsigned i = 0; i < num_ciphers; i++) { 361 for (unsigned i = 0; i < num_ciphers; i++) {
363 SSLCipherSuiteInfo info; 362 SSLCipherSuiteInfo info;
364 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) == 363 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) ==
365 SECSuccess) { 364 SECSuccess) {
366 if (strcmp(info.keaTypeName, "ECDHE") != 0) { 365 if (strcmp(info.keaTypeName, "ECDHE") != 0) {
367 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); 366 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
368 } 367 }
369 } 368 }
370 } 369 }
371 } 370 }
(...skipping 462 matching lines...) Expand 10 before | Expand all | Expand 10 after
834 // initializes the NSS base library. 833 // initializes the NSS base library.
835 EnsureNSSSSLInit(); 834 EnsureNSSSSLInit();
836 if (!NSS_IsInitialized()) 835 if (!NSS_IsInitialized())
837 return ERR_UNEXPECTED; 836 return ERR_UNEXPECTED;
838 837
839 EnableSSLServerSockets(); 838 EnableSSLServerSockets();
840 return OK; 839 return OK;
841 } 840 }
842 841
843 } // namespace net 842 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698