| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/ssl_client_socket.h" | 5 #include "net/socket/ssl_client_socket.h" |
| 6 | 6 |
| 7 #include "base/callback_helpers.h" | 7 #include "base/callback_helpers.h" |
| 8 #include "base/location.h" | 8 #include "base/location.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/run_loop.h" | 10 #include "base/run_loop.h" |
| (...skipping 2484 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2495 // offer the > TLS 1.0 session, so this must have been the session from the | 2495 // offer the > TLS 1.0 session, so this must have been the session from the |
| 2496 // first fallback connection. | 2496 // first fallback connection. |
| 2497 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv)); | 2497 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv)); |
| 2498 EXPECT_EQ(OK, rv); | 2498 EXPECT_EQ(OK, rv); |
| 2499 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2499 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2500 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); | 2500 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); |
| 2501 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, | 2501 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, |
| 2502 SSLConnectionStatusToVersion(ssl_info.connection_status)); | 2502 SSLConnectionStatusToVersion(ssl_info.connection_status)); |
| 2503 } | 2503 } |
| 2504 | 2504 |
| 2505 // Test that RC4 is only enabled if enable_deprecated_cipher_suites is set. | 2505 // Test that RC4 is only enabled if rc4_enabled is set. |
| 2506 TEST_F(SSLClientSocketTest, DeprecatedRC4) { | 2506 TEST_F(SSLClientSocketTest, RC4Enabled) { |
| 2507 SpawnedTestServer::SSLOptions ssl_options; | 2507 SpawnedTestServer::SSLOptions ssl_options; |
| 2508 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; | 2508 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; |
| 2509 ASSERT_TRUE(StartTestServer(ssl_options)); | 2509 ASSERT_TRUE(StartTestServer(ssl_options)); |
| 2510 | 2510 |
| 2511 // Normal handshakes with RC4 do not work. | 2511 // Normal handshakes with RC4 do not work. |
| 2512 SSLConfig ssl_config; | 2512 SSLConfig ssl_config; |
| 2513 int rv; | 2513 int rv; |
| 2514 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2514 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2515 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); | 2515 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); |
| 2516 | 2516 |
| 2517 // Enabling deprecated ciphers works fine. | 2517 // Enabling RC4 works fine. |
| 2518 ssl_config.enable_deprecated_cipher_suites = true; | 2518 ssl_config.rc4_enabled = true; |
| 2519 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); | 2519 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); |
| 2520 EXPECT_EQ(OK, rv); | 2520 EXPECT_EQ(OK, rv); |
| 2521 } | 2521 } |
| 2522 | 2522 |
| 2523 // Tests that enabling deprecated ciphers shards the session cache. | 2523 // Tests that enabling deprecated ciphers shards the session cache. |
| 2524 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { | 2524 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { |
| 2525 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); | 2525 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); |
| 2526 | 2526 |
| 2527 // Prepare a normal and deprecated SSL config. | 2527 // Prepare a normal and deprecated SSL config. |
| 2528 SSLConfig ssl_config; | 2528 SSLConfig ssl_config; |
| 2529 SSLConfig deprecated_ssl_config; | 2529 SSLConfig deprecated_ssl_config; |
| 2530 deprecated_ssl_config.enable_deprecated_cipher_suites = true; | 2530 deprecated_ssl_config.deprecated_cipher_suites_enabled = true; |
| 2531 | 2531 |
| 2532 // Connect with deprecated ciphers enabled to warm the session cache cache. | 2532 // Connect with deprecated ciphers enabled to warm the session cache cache. |
| 2533 int rv; | 2533 int rv; |
| 2534 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); | 2534 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); |
| 2535 EXPECT_EQ(OK, rv); | 2535 EXPECT_EQ(OK, rv); |
| 2536 SSLInfo ssl_info; | 2536 SSLInfo ssl_info; |
| 2537 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); | 2537 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); |
| 2538 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); | 2538 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); |
| 2539 | 2539 |
| 2540 // Test that re-connecting with deprecated ciphers enabled still resumes. | 2540 // Test that re-connecting with deprecated ciphers enabled still resumes. |
| (...skipping 470 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3011 int rv; | 3011 int rv; |
| 3012 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); | 3012 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); |
| 3013 EXPECT_EQ(OK, rv); | 3013 EXPECT_EQ(OK, rv); |
| 3014 | 3014 |
| 3015 std::string proto; | 3015 std::string proto; |
| 3016 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, | 3016 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, |
| 3017 sock_->GetNextProto(&proto)); | 3017 sock_->GetNextProto(&proto)); |
| 3018 } | 3018 } |
| 3019 | 3019 |
| 3020 } // namespace net | 3020 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1422293002:
Remove RC4 by default. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master