| Index: net/socket/ssl_client_socket_nss.cc
|
| diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
|
| index a1abc620edc0444f664dbeceefe106fbfb5d636b..3633c171c8d59b197d5903ce6d65d286b3c0141d 100644
|
| --- a/net/socket/ssl_client_socket_nss.cc
|
| +++ b/net/socket/ssl_client_socket_nss.cc
|
| @@ -2761,6 +2761,22 @@ int SSLClientSocketNSS::InitializeSSLOptions() {
|
| return ERR_NO_SSL_VERSIONS_ENABLED;
|
| }
|
|
|
| + if (ssl_config_.require_ecdhe) {
|
| + const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
|
| + const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
|
| +
|
| + // Iterate over the cipher suites and disable those that don't use ECDHE.
|
| + for (unsigned i = 0; i < num_ciphers; i++) {
|
| + SSLCipherSuiteInfo info;
|
| + if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) ==
|
| + SECSuccess) {
|
| + if (strcmp(info.keaTypeName, "ECDHE") != 0) {
|
| + SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
|
| + }
|
| + }
|
| + }
|
| + }
|
| +
|
| if (ssl_config_.version_fallback) {
|
| rv = SSL_OptionSet(nss_fd_, SSL_ENABLE_FALLBACK_SCSV, PR_TRUE);
|
| if (rv != SECSuccess) {
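Review bot: The new `require_ecdhe` loop fails open. When `SSL_GetCipherSuiteInfo` returns anything other than `SECSuccess`, the suite is skipped and stays enabled, so a non-ECDHE suite could still be offered. Treating a lookup failure as "not ECDHE" closes that gap: `if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) != SECSuccess || strcmp(info.keaTypeName, "ECDHE") != 0)`; the short-circuit keeps `strcmp` from reading an unfilled `info`. The result of `SSL_CipherPrefSet` is also dropped, unlike the `SSL_OptionSet` call just below that checks `rv`, so a failed disable goes unnoticed; checking it and logging or returning an error would make the requirement enforceable. `InitializeSSLOptions` starts before and continues after this hunk, so whether any later code re-enables suites cannot be confirmed from here.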
|
|
|