| OLD | NEW |
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/ssl/ssl_cipher_suite_names.h" | 5 #include "net/ssl/ssl_cipher_suite_names.h" |
| 6 | 6 |
| 7 #if defined(USE_OPENSSL) | 7 #if defined(USE_OPENSSL) |
| 8 #include <openssl/ssl.h> | 8 #include <openssl/ssl.h> |
| 9 #endif | 9 #endif |
| 10 #include <stdlib.h> | 10 #include <stdlib.h> |
| (...skipping 348 matching lines...) |
| 359 return true; | 359 return true; |
| 360 } | 360 } |
| 361 return false; | 361 return false; |
| 362 } | 362 } |
| 363 | 363 |
| 364 bool IsSecureTLSCipherSuite(uint16 cipher_suite) { | 364 bool IsSecureTLSCipherSuite(uint16 cipher_suite) { |
| 365 int key_exchange, cipher, mac; | 365 int key_exchange, cipher, mac; |
| 366 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 366 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 367 return false; | 367 return false; |
| 368 | 368 |
| 369 // Only allow forward secure key exchanges. | 369 // Only allow ECDHE key exchanges. |
| 370 switch (key_exchange) { | 370 switch (key_exchange) { |
| 371 case 10: // DHE_RSA | |
| 372 case 14: // ECDHE_ECDSA | 371 case 14: // ECDHE_ECDSA |
| 373 case 16: // ECDHE_RSA | 372 case 16: // ECDHE_RSA |
| 374 break; | 373 break; |
| 375 default: | 374 default: |
| 376 return false; | 375 return false; |
| 377 } | 376 } |
| 378 | 377 |
| 379 switch (cipher) { | 378 switch (cipher) { |
| 380 case 13: // AES_128_GCM | 379 case 13: // AES_128_GCM |
| 381 case 14: // AES_256_GCM | 380 case 14: // AES_256_GCM |
| 382 case 17: // CHACHA20_POLY1305 | 381 case 17: // CHACHA20_POLY1305 |
| 383 break; | 382 break; |
| 384 default: | 383 default: |
| 385 return false; | 384 return false; |
| 386 } | 385 } |
| 387 | 386 |
| 388 // Only AEADs allowed. | 387 // Only AEADs allowed. |
| 389 if (mac != kAEADMACValue) | 388 if (mac != kAEADMACValue) |
| 390 return false; | 389 return false; |
| 391 | 390 |
| 392 return true; | 391 return true; |
| 393 } | 392 } |
| 394 | 393 |
| 395 bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite) { | 394 bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite) { |
| 396 int key_exchange, cipher, mac; | 395 int key_exchange, cipher, mac; |
| 397 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) | 396 if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) |
| 398 return false; | 397 return false; |
| 399 | 398 |
| 400 // Only allow ECDHE key exchanges. | 399 // Only allow forward secure key exchanges. |
| 401 switch (key_exchange) { | 400 switch (key_exchange) { |
| 401 case 10: // DHE_RSA |
| 402 case 14: // ECDHE_ECDSA | 402 case 14: // ECDHE_ECDSA |
| 403 case 16: // ECDHE_RSA | 403 case 16: // ECDHE_RSA |
| 404 break; | 404 break; |
| 405 default: | 405 default: |
| 406 return false; | 406 return false; |
| 407 } | 407 } |
| 408 | 408 |
| 409 switch (cipher) { | 409 switch (cipher) { |
| 410 case 13: // AES_128_GCM | 410 case 13: // AES_128_GCM |
| 411 case 14: // AES_256_GCM | 411 case 14: // AES_256_GCM |
| (...skipping 22 matching lines...) |
| 434 default: | 434 default: |
| 435 return nullptr; | 435 return nullptr; |
| 436 } | 436 } |
| 437 return SSL_get_curve_name(key_exchange_info); | 437 return SSL_get_curve_name(key_exchange_info); |
| 438 #else | 438 #else |
| 439 return nullptr; | 439 return nullptr; |
| 440 #endif | 440 #endif |
| 441 } | 441 } |
| 442 | 442 |
| 443 } // namespace net | 443 } // namespace net |
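Review bot: `IsTLSCipherSuiteAllowedByHTTP2` (new lines 394-401) now accepts `case 10: // DHE_RSA` from the suite identifier alone. A `uint16` cipher suite carries no information about the size of the Diffie-Hellman group the peer actually negotiates, so this predicate cannot by itself exclude a weak finite-field group. A comment above the function should say so, for example `// Checks the suite id only; the DHE group size is not validated here.`, and name the place where group size is checked if there is one (none is visible on this page). `IsSecureTLSCipherSuite` keeps its name while narrowing to ECDHE at new line 369, so its existing callers get a stricter policy without being forced to change, and the declaration comment in the header is worth updating in the same commit. The body of `IsTLSCipherSuiteAllowedByHTTP2` continues into the skipped lines, so its remaining cipher and MAC checks are not covered by this note.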