OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/http/http_network_transaction.h" | 5 #include "net/http/http_network_transaction.h" |
6 | 6 |
7 #include <set> | 7 #include <set> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/bind.h" | 10 #include "base/bind.h" |
1284 // by the endpoint host, request_->url, rather than considering if they were | 1284 // by the endpoint host, request_->url, rather than considering if they were |
1285 // generated by the SSL proxy. http://crbug.com/69329 | 1285 // generated by the SSL proxy. http://crbug.com/69329 |
1286 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { | 1286 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { |
1287 DCHECK(request_); | 1287 DCHECK(request_); |
1288 HandleClientAuthError(error); | 1288 HandleClientAuthError(error); |
1289 | 1289 |
1290 // Accept deprecated cipher suites, but only on a fallback. This makes UMA | 1290 // Accept deprecated cipher suites, but only on a fallback. This makes UMA |
1291 // reflect servers require a deprecated cipher rather than merely prefer | 1291 // reflect servers require a deprecated cipher rather than merely prefer |
1292 // it. This, however, has no security benefit until the ciphers are actually | 1292 // it. This, however, has no security benefit until the ciphers are actually |
1293 // removed. | 1293 // removed. |
1294 if (!server_ssl_config_.enable_deprecated_cipher_suites && | 1294 if (!server_ssl_config_.deprecated_cipher_suites_enabled && |
1295 (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH || | 1295 (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH || |
1296 error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) { | 1296 error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) { |
1297 net_log_.AddEvent( | 1297 net_log_.AddEvent( |
1298 NetLog::TYPE_SSL_CIPHER_FALLBACK, | 1298 NetLog::TYPE_SSL_CIPHER_FALLBACK, |
1299 base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error)); | 1299 base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error)); |
1300 server_ssl_config_.enable_deprecated_cipher_suites = true; | 1300 server_ssl_config_.deprecated_cipher_suites_enabled = true; |
1301 ResetConnectionAndRequestForResend(); | 1301 ResetConnectionAndRequestForResend(); |
1302 return OK; | 1302 return OK; |
1303 } | 1303 } |
1304 | 1304 |
1305 bool should_fallback = false; | 1305 bool should_fallback = false; |
1306 uint16 version_max = server_ssl_config_.version_max; | 1306 uint16 version_max = server_ssl_config_.version_max; |
1307 | 1307 |
1308 switch (error) { | 1308 switch (error) { |
1309 case ERR_CONNECTION_CLOSED: | 1309 case ERR_CONNECTION_CLOSED: |
1310 case ERR_SSL_PROTOCOL_ERROR: | 1310 case ERR_SSL_PROTOCOL_ERROR: |
1507 | 1507 |
1508 // Google servers are known to implement TLS 1.2 and FALLBACK_SCSV, so it | 1508 // Google servers are known to implement TLS 1.2 and FALLBACK_SCSV, so it |
1509 // should be impossible to successfully connect to them with the fallback. | 1509 // should be impossible to successfully connect to them with the fallback. |
1510 // This helps estimate intolerant locally-configured SSL MITMs. | 1510 // This helps estimate intolerant locally-configured SSL MITMs. |
1511 if (is_google) { | 1511 if (is_google) { |
1512 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2", | 1512 UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2", |
1513 fallback, FALLBACK_MAX); | 1513 fallback, FALLBACK_MAX); |
1514 } | 1514 } |
1515 | 1515 |
1516 UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2", | 1516 UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2", |
1517 server_ssl_config_.enable_deprecated_cipher_suites); | 1517 server_ssl_config_.deprecated_cipher_suites_enabled); |
1518 | 1518 |
1519 if (server_ssl_config_.version_fallback) { | 1519 if (server_ssl_config_.version_fallback) { |
1520 // Record the error code which triggered the fallback and the state the | 1520 // Record the error code which triggered the fallback and the state the |
1521 // handshake was in. | 1521 // handshake was in. |
1522 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLFallbackErrorCode", | 1522 UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLFallbackErrorCode", |
1523 -fallback_error_code_); | 1523 -fallback_error_code_); |
1524 UMA_HISTOGRAM_ENUMERATION("Net.SSLFallbackFailureState", | 1524 UMA_HISTOGRAM_ENUMERATION("Net.SSLFallbackFailureState", |
1525 fallback_failure_state_, SSL_FAILURE_MAX); | 1525 fallback_failure_state_, SSL_FAILURE_MAX); |
1526 } | 1526 } |
1527 } | 1527 } |
1673 DCHECK(stream_request_); | 1673 DCHECK(stream_request_); |
1674 | 1674 |
1675 // Since the transaction can restart with auth credentials, it may create a | 1675 // Since the transaction can restart with auth credentials, it may create a |
1676 // stream more than once. Accumulate all of the connection attempts across | 1676 // stream more than once. Accumulate all of the connection attempts across |
1677 // those streams by appending them to the vector: | 1677 // those streams by appending them to the vector: |
1678 for (const auto& attempt : stream_request_->connection_attempts()) | 1678 for (const auto& attempt : stream_request_->connection_attempts()) |
1679 connection_attempts_.push_back(attempt); | 1679 connection_attempts_.push_back(attempt); |
1680 } | 1680 } |
1681 | 1681 |
1682 } // namespace net | 1682 } // namespace net |
OLD | NEW |