Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2635)

Unified Diff: chrome/browser/net/ssl_config_service_manager_pref.cc

Issue 1360633002: Implement Token Binding negotiation TLS extension (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@test-server-flags
Patch Set: rebase Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | chrome/browser/prefs/command_line_pref_store.cc » ('j') | net/socket/ssl_client_socket.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/net/ssl_config_service_manager_pref.cc
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
index f419580269d767a52529adef0e3fd74f703a8798..941a0cb355dac152a61bb0bd4ff22030ffbf5f53 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -160,6 +160,7 @@ class SSLConfigServiceManagerPref
StringPrefMember ssl_version_max_;
StringPrefMember ssl_version_fallback_min_;
BooleanPrefMember ssl_record_splitting_disabled_;
+ BooleanPrefMember token_binding_enabled_;
// The cached list of disabled SSL cipher suites.
std::vector<uint16> disabled_cipher_suites_;
@@ -193,6 +194,8 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
prefs::kSSLVersionFallbackMin, local_state, local_state_callback);
ssl_record_splitting_disabled_.Init(
prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
+ token_binding_enabled_.Init(
+ prefs::kEnableTokenBinding, local_state, local_state_callback);
local_state_change_registrar_.Init(local_state);
local_state_change_registrar_.Add(
@@ -218,6 +221,8 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
registry->RegisterStringPref(prefs::kSSLVersionFallbackMin, std::string());
registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
!default_config.false_start_enabled);
+ registry->RegisterBooleanPref(prefs::kEnableTokenBinding,
+ default_config.token_binding_params.size() > 0);
davidben 2015/09/25 21:51:50 This is sort of weird. We're pulling information f
nharper 2015/09/28 21:43:38 I changed this to use the size == 1 && params[0] =
registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
}
@@ -280,6 +285,10 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
config->disabled_cipher_suites = disabled_cipher_suites_;
// disabling False Start also happens to disable record splitting.
config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
+ if (token_binding_enabled_.GetValue()) {
+ config->token_binding_params.clear();
+ config->token_binding_params.push_back(net::TB_PARAM_ECDSAP256_SHA256);
+ }
}
void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
« no previous file with comments | « no previous file | chrome/browser/prefs/command_line_pref_store.cc » ('j') | net/socket/ssl_client_socket.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698