net/ssl/ssl_config_service.cc - Issue 14125003: Do not roll back to SSL 3.0 for Google properties.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/ssl/ssl_config_service.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Remove learning mode. Enforce TLS for Google's properties. Created 7 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/ssl/ssl_config_service.cc

diff --git a/net/ssl/ssl_config_service.cc b/net/ssl/ssl_config_service.cc

index f46dd7b7dc72450d91be28d10b4a9c3135837fac..6be3c1863fac78494117fcd9757de28fbe30ebf9 100644

--- a/net/ssl/ssl_config_service.cc

+++ b/net/ssl/ssl_config_service.cc

@@ -40,6 +40,7 @@ SSLConfig::SSLConfig()

cached_info_enabled(false),

channel_id_enabled(true),

false_start_enabled(true),

+ ssl_version_min_preloaded_disabled(false),

send_client_cert(false),

verify_ev_cert(false),

version_fallback(false),

@@ -69,6 +70,38 @@ bool SSLConfig::IsAllowedBadCert(const base::StringPiece& der_cert,

return false;

}

+// static

+std::string SSLConfig::SSLProtocolVersionToString(uint16 version) {

+ switch (version) {

+ case net::SSL_PROTOCOL_VERSION_SSL3:

+ return "ssl3";

+ case net::SSL_PROTOCOL_VERSION_TLS1:

+ return "tls1";

+ case net::SSL_PROTOCOL_VERSION_TLS1_1:

+ return "tls1.1";

+ case net::SSL_PROTOCOL_VERSION_TLS1_2:

+ return "tls1.2";

+ default:

+ NOTREACHED();

+ return std::string();

+ }

+// static

+uint16 SSLConfig::SSLProtocolVersionFromString(const std::string& version_str) {

+ uint16 version = 0; // Invalid.

+ if (version_str == "ssl3") {

+ version = net::SSL_PROTOCOL_VERSION_SSL3;

+ } else if (version_str == "tls1") {

+ version = net::SSL_PROTOCOL_VERSION_TLS1;

+ } else if (version_str == "tls1.1") {

+ version = net::SSL_PROTOCOL_VERSION_TLS1_1;

+ } else if (version_str == "tls1.2") {

+ version = net::SSL_PROTOCOL_VERSION_TLS1_2;

+ }

+ return version;

SSLConfigService::SSLConfigService()

: observer_list_(ObserverList<Observer>::NOTIFY_EXISTING_ONLY) {

}

@@ -154,8 +187,10 @@ void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,

(orig_config.version_min != new_config.version_min) ||

(orig_config.version_max != new_config.version_max) ||

(orig_config.disabled_cipher_suites !=

- new_config.disabled_cipher_suites) ||

+ new_config.disabled_cipher_suites) ||

agl 2013/04/15 15:23:51 This looks like a stray space.

thaidn_google 2013/04/16 00:38:16 Done.

(orig_config.channel_id_enabled != new_config.channel_id_enabled) ||

+ (orig_config.ssl_version_min_preloaded_disabled !=

+ new_config.ssl_version_min_preloaded_disabled) ||

(orig_config.false_start_enabled != new_config.false_start_enabled);

if (config_changed)

« net/ssl/ssl_config_service.h ('K') | « net/ssl/ssl_config_service.h ('k') | net/ssl/ssl_config_service_unittest.cc » ('j') | no next file with comments »