Chromium Code Reviews Chromium Code Reviews
Issue 13985023:
net: don't do TLS False Start with RC4. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ | 1 /* -*- Mode: C; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ |
| 2 /* | 2 /* |
| 3 * SSL3 Protocol | 3 * SSL3 Protocol |
| 4 * | 4 * |
| 5 * This Source Code Form is subject to the terms of the Mozilla Public | 5 * This Source Code Form is subject to the terms of the Mozilla Public |
| 6 * License, v. 2.0. If a copy of the MPL was not distributed with this | 6 * License, v. 2.0. If a copy of the MPL was not distributed with this |
| 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ | 7 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ |
| 8 /* $Id: ssl3con.c,v 1.192 2012/09/28 05:10:25 wtc%google.com Exp $ */ | 8 /* $Id: ssl3con.c,v 1.192 2012/09/28 05:10:25 wtc%google.com Exp $ */ |
| 9 | 9 |
| 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ | 10 /* TODO(ekr): Implement HelloVerifyRequest on server side. OK for now. */ |
| (...skipping 6398 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 6409 | 6409 |
| 6410 /* An attacker can control the selected ciphersuite so we only wish to | 6410 /* An attacker can control the selected ciphersuite so we only wish to |
| 6411 * do False Start in the case that the selected ciphersuite is | 6411 * do False Start in the case that the selected ciphersuite is |
| 6412 * sufficiently strong that the attack can gain no advantage. | 6412 * sufficiently strong that the attack can gain no advantage. |
| 6413 * Therefore we require an 80-bit cipher and a forward-secret key | 6413 * Therefore we require an 80-bit cipher and a forward-secret key |
| 6414 * exchange. */ | 6414 * exchange. */ |
| 6415 ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && | 6415 ss->ssl3.cwSpec->cipher_def->secret_key_size >= 10 && |
| 6416 (ss->ssl3.hs.kea_def->kea == kea_dhe_dss || | 6416 (ss->ssl3.hs.kea_def->kea == kea_dhe_dss || |
| 6417 ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || | 6417 ss->ssl3.hs.kea_def->kea == kea_dhe_rsa || |
| 6418 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || | 6418 ss->ssl3.hs.kea_def->kea == kea_ecdhe_ecdsa || |
| 6419 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa); | 6419 » ss->ssl3.hs.kea_def->kea == kea_ecdhe_rsa) && |
| 6420 /* In light of recent RC4 analysis (http://www.isg.rhul.ac.uk/tls/), we | |
| 6421 * don't allow False Start with RC4. */ | |
|
Ryan Sleevi
2013/04/15 18:08:35
Perhaps this should be integrated with the comment
agl
2013/04/16 14:59:29
Done.
| |
| 6422 ss->ssl3.cwSpec->cipher_def->cipher != cipher_rc4; | |
| 6420 ssl_ReleaseSpecReadLock(ss); | 6423 ssl_ReleaseSpecReadLock(ss); |
| 6421 return rv; | 6424 return rv; |
| 6422 } | 6425 } |
| 6423 | 6426 |
| 6424 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); | 6427 static SECStatus ssl3_SendClientSecondRound(sslSocket *ss); |
| 6425 | 6428 |
| 6426 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete | 6429 /* Called from ssl3_HandleHandshakeMessage() when it has deciphered a complete |
| 6427 * ssl3 Server Hello Done message. | 6430 * ssl3 Server Hello Done message. |
| 6428 * Caller must hold Handshake and RecvBuf locks. | 6431 * Caller must hold Handshake and RecvBuf locks. |
| 6429 */ | 6432 */ |
| (...skipping 4836 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 11266 PORT_Free(ss->ssl3.hs.recvdFragments.buf); | 11269 PORT_Free(ss->ssl3.hs.recvdFragments.buf); |
| 11267 } | 11270 } |
| 11268 } | 11271 } |
| 11269 | 11272 |
| 11270 ss->ssl3.initialized = PR_FALSE; | 11273 ss->ssl3.initialized = PR_FALSE; |
| 11271 | 11274 |
| 11272 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); | 11275 SECITEM_FreeItem(&ss->ssl3.nextProto, PR_FALSE); |
| 11273 } | 11276 } |
| 11274 | 11277 |
| 11275 /* End of ssl3con.c */ | 11278 /* End of ssl3con.c */ |
| OLD | NEW |
