| Index: chrome/browser/net/ssl_config_service_manager_pref.cc
|
| diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
|
| index c193463d0d4287968998f13cc0e32041685b386a..4c10655144b02856dbabecb9d0b7edbf0a614d25 100644
|
| --- a/chrome/browser/net/ssl_config_service_manager_pref.cc
|
| +++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
|
| @@ -62,40 +62,6 @@ std::vector<uint16> ParseCipherSuites(
|
| return cipher_suites;
|
| }
|
|
|
| -// Returns the string representation of an SSL protocol version. Returns an
|
| -// empty string on error.
|
| -std::string SSLProtocolVersionToString(uint16 version) {
|
| - switch (version) {
|
| - case net::SSL_PROTOCOL_VERSION_SSL3:
|
| - return "ssl3";
|
| - case net::SSL_PROTOCOL_VERSION_TLS1:
|
| - return "tls1";
|
| - case net::SSL_PROTOCOL_VERSION_TLS1_1:
|
| - return "tls1.1";
|
| - case net::SSL_PROTOCOL_VERSION_TLS1_2:
|
| - return "tls1.2";
|
| - default:
|
| - NOTREACHED();
|
| - return std::string();
|
| - }
|
| -}
|
| -
|
| -// Returns the SSL protocol version (as a uint16) represented by a string.
|
| -// Returns 0 if the string is invalid.
|
| -uint16 SSLProtocolVersionFromString(const std::string& version_str) {
|
| - uint16 version = 0; // Invalid.
|
| - if (version_str == "ssl3") {
|
| - version = net::SSL_PROTOCOL_VERSION_SSL3;
|
| - } else if (version_str == "tls1") {
|
| - version = net::SSL_PROTOCOL_VERSION_TLS1;
|
| - } else if (version_str == "tls1.1") {
|
| - version = net::SSL_PROTOCOL_VERSION_TLS1_1;
|
| - } else if (version_str == "tls1.2") {
|
| - version = net::SSL_PROTOCOL_VERSION_TLS1_2;
|
| - }
|
| - return version;
|
| -}
|
| -
|
| } // namespace
|
|
|
| ////////////////////////////////////////////////////////////////////////////////
|
| @@ -180,6 +146,7 @@ class SSLConfigServiceManagerPref
|
| StringPrefMember ssl_version_max_;
|
| BooleanPrefMember channel_id_enabled_;
|
| BooleanPrefMember ssl_record_splitting_disabled_;
|
| + BooleanPrefMember ssl_version_min_preloaded_disabled_;
|
|
|
| // The cached list of disabled SSL cipher suites.
|
| std::vector<uint16> disabled_cipher_suites_;
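Review bot: The new member `ssl_version_min_preloaded_disabled_` is added without a comment, and as a negated flag its effect is not obvious from this file. Judging only by the pref name `kDisableSSLVersionMinPreloaded` (its definition is not in this diff), it switches off a minimum-protocol-version check, so a reader should be told what is lost when it is true. Something like `// True when the preloaded minimum SSL version must not be enforced (prefs::kDisableSSLVersionMinPreloaded).` would do. The same explanation is missing at the assignment in `GetSSLConfigFromPrefs`, where the neighbouring `false_start_enabled` line does carry a comment. The class body starts and ends outside this hunk.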
|
| @@ -219,6 +186,8 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
|
| prefs::kEnableOriginBoundCerts, local_state, local_state_callback);
|
| ssl_record_splitting_disabled_.Init(
|
| prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
|
| + ssl_version_min_preloaded_disabled_.Init(
|
| + prefs::kDisableSSLVersionMinPreloaded, local_state, local_state_callback);
|
|
|
| local_state_change_registrar_.Init(local_state);
|
| local_state_change_registrar_.Add(
|
| @@ -251,15 +220,18 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
|
| registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
|
| default_config.rev_checking_enabled);
|
| std::string version_min_str =
|
| - SSLProtocolVersionToString(default_config.version_min);
|
| + net::SSLConfig::SSLProtocolVersionToString(default_config.version_min);
|
| std::string version_max_str =
|
| - SSLProtocolVersionToString(default_config.version_max);
|
| + net::SSLConfig::SSLProtocolVersionToString(default_config.version_max);
|
| registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str);
|
| registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str);
|
| registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts,
|
| default_config.channel_id_enabled);
|
| registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
|
| !default_config.false_start_enabled);
|
| + registry->RegisterBooleanPref(
|
| + prefs::kDisableSSLVersionMinPreloaded,
|
| + default_config.ssl_version_min_preloaded_disabled);
|
| registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
|
| }
|
|
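Review bot: The default registered for `prefs::kDisableSSLVersionMinPreloaded` is read from `default_config.ssl_version_min_preloaded_disabled`, and nothing in this diff shows that field being initialised. If the `net::SSLConfig` constructor does not set it, the registered default is an indeterminate bool, and a `true` default would turn the check off for every profile that never set the pref. Either confirm the constructor initialises the field to `false`, or pin the safe default at the registration site with `registry->RegisterBooleanPref(prefs::kDisableSSLVersionMinPreloaded, false);`. The start of `RegisterPrefs` lies outside this hunk.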
|
| @@ -298,8 +270,10 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
|
| std::string version_max_str = ssl_version_max_.GetValue();
|
| config->version_min = net::SSLConfigService::default_version_min();
|
| config->version_max = net::SSLConfigService::default_version_max();
|
| - uint16 version_min = SSLProtocolVersionFromString(version_min_str);
|
| - uint16 version_max = SSLProtocolVersionFromString(version_max_str);
|
| + uint16 version_min = net::SSLConfig::SSLProtocolVersionFromString(
|
| + version_min_str);
|
| + uint16 version_max = net::SSLConfig::SSLProtocolVersionFromString(
|
| + version_max_str);
|
| if (version_min) {
|
| // TODO(wtc): get the minimum SSL protocol version supported by the
|
| // SSLClientSocket class. Right now it happens to be the same as the
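Review bot: An unrecognised string in the version-min or version-max pref is dropped here without any trace. The removed local helper returned 0 for an invalid string, and if `net::SSLConfig::SSLProtocolVersionFromString` keeps that contract (its body is not in this diff), `if (version_min)` simply leaves the default in place. For a setting that defines the protocol floor, a misspelt value then looks applied while the default range stays in force. A log line would make this visible, e.g. `if (!version_min && !version_min_str.empty()) LOG(WARNING) << "Ignoring invalid SSL version min pref";`, with the same for the max. The function body continues outside this hunk, so later handling is not visible here.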
|
| @@ -321,6 +295,8 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
|
| config->channel_id_enabled = false;
|
| // disabling False Start also happens to disable record splitting.
|
| config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
|
| + config->ssl_version_min_preloaded_disabled =
|
| + ssl_version_min_preloaded_disabled_.GetValue();
|
| SSLConfigServicePref::SetSSLConfigFlags(config);
|
| }
|
|
|
|
|