
Side by Side Diff: net/http/http_network_transaction.cc

Issue 1422293002: Remove RC4 by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 1 month ago
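--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
@@ -1284,27 +1284,27 @@
 // by the endpoint host, request_->url, rather than considering if they were
 // generated by the SSL proxy. http://crbug.com/69329
 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
 DCHECK(request_);
 HandleClientAuthError(error);
 
 // Accept deprecated cipher suites, but only on a fallback. This makes UMA
 // reflect servers require a deprecated cipher rather than merely prefer
 // it. This, however, has no security benefit until the ciphers are actually
 // removed.
-if (!server_ssl_config_.enable_deprecated_cipher_suites &&
+if (!server_ssl_config_.deprecated_cipher_suites_enabled &&
 (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH ||
 error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) {
 net_log_.AddEvent(
 NetLog::TYPE_SSL_CIPHER_FALLBACK,
 base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error));
-server_ssl_config_.enable_deprecated_cipher_suites = true;
+server_ssl_config_.deprecated_cipher_suites_enabled = true;
 ResetConnectionAndRequestForResend();
 return OK;
 }
 
 bool should_fallback = false;
 uint16 version_max = server_ssl_config_.version_max;
 
 switch (error) {
 case ERR_CONNECTION_CLOSED:
 case ERR_SSL_PROTOCOL_ERROR:
@@ -1507,21 +1507,21 @@
 
 // Google servers are known to implement TLS 1.2 and FALLBACK_SCSV, so it
 // should be impossible to successfully connect to them with the fallback.
 // This helps estimate intolerant locally-configured SSL MITMs.
 if (is_google) {
 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2",
 fallback, FALLBACK_MAX);
 }
 
 UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2",
-server_ssl_config_.enable_deprecated_cipher_suites);
+server_ssl_config_.deprecated_cipher_suites_enabled);
 
 if (server_ssl_config_.version_fallback) {
 // Record the error code which triggered the fallback and the state the
 // handshake was in.
 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLFallbackErrorCode",
 -fallback_error_code_);
 UMA_HISTOGRAM_ENUMERATION("Net.SSLFallbackFailureState",
 fallback_failure_state_, SSL_FAILURE_MAX);
 }
 }
@@ -1673,10 +1673,10 @@
 DCHECK(stream_request_);
 
 // Since the transaction can restart with auth credentials, it may create a
 // stream more than once. Accumulate all of the connection attempts across
 // those streams by appending them to the vector:
 for (const auto& attempt : stream_request_->connection_attempts())
 connection_attempts_.push_back(attempt);
 }
 
 } // namespace net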
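Review bot: The comment above the renamed check in HandleSSLHandshakeError still says the fallback "has no security benefit until the ciphers are actually removed", and it is left as is although the change is titled "Remove RC4 by default". The retry is taken on ERR_CONNECTION_CLOSED and ERR_CONNECTION_RESET as well as ERR_SSL_VERSION_OR_CIPHER_MISMATCH, and the first two are not authenticated signals, so a reader needs to know which suites come back once `deprecated_cipher_suites_enabled` is set to true here. Whether RC4 is among them is decided outside this file and cannot be checked from this section. I would extend the comment with a line such as `// NOTE: close/reset is unauthenticated, so this fallback can be forced by the network; see the declaration of deprecated_cipher_suites_enabled for the suites it re-enables.` The function body continues past the end of the hunk.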