Issue 131085: Linux: Fallback to SSL if server closes early during TLS handshake.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 131085: Linux: Fallback to SSL if server closes early during TLS handshake. (Closed)

Created:
11 years, 6 months ago by willchan no longer on Chromium

Modified:
9 years, 7 months ago

Reviewers:
wtc

CC:
chromium-reviews_googlegroups.com

Visibility:
Public.

Description

Linux: Fallback to SSL if server closes early during TLS handshake. BUG=http://crbug.com/14092 TEST=See bug for example TLS-intolerant server. Committed: http://src.chromium.org/viewvc/chrome?view=rev&revision=18830

Patch Set 1 #

Total comments: 2

Patch Set 2 : Address wtc's comments. #

Patch Set 3 : Add braces. #

Created: 11 years, 6 months ago

Download [raw] [tar.bz2]

		Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+8 lines, -1 line)			Patch
	M	net/base/ssl_client_socket_nss.cc	View	1 2	1 chunk	+8 lines, -1 line	0 comments	Download

Messages

Total messages: 2 (0 generated)

Expand Messages | Collapse Messages

willchan no longer on Chromium

I looked at the test and the python server for a bit, but I don't ...

11 years, 6 months ago (2009-06-19 00:19:53 UTC) #1

wtc

11 years, 6 months ago (2009-06-19 17:47:35 UTC) #2

LGTM.  Please make the changes below.  Thanks!

http://codereview.chromium.org/131085/diff/1/2
File net/base/ssl_client_socket_nss.cc (right):

http://codereview.chromium.org/131085/diff/1/2#newcode695
Line 695: // If the server closed on us when we tried TLS, it might be a
Use this comment:
  If the server closed on us, it is a protocol error.
  Some TLS-intolerant servers do this when we request TLS.

The comment "an SSL 3.0 server that chose a TLS-only cipher
suite" applies to Windows' SSL library only.  That kind of
server isn't a problem for NSS.

http://codereview.chromium.org/131085/diff/1/2#newcode697
Line 697: if (ssl_config_.tls1_enabled && prerr == PR_END_OF_FILE_ERROR)
Please remove ssl_config_.tls1_enabled.  Closing the TCP
connection in the middle of the handshale is a protocol error
for both SSL and TLS.

Nit: add parentheses around the if and else.

Expand Messages | Collapse Messages