Side by Side Diff: net/socket/ssl_client_socket_nss.cc

Issue 1422293002: Remove RC4 by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 1 month ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived 5 // This file includes code SSLClientSocketNSS::DoVerifyCertComplete() derived
6 // from AuthCertificateCallback() in 6 // from AuthCertificateCallback() in
7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp. 7 // mozilla/security/manager/ssl/src/nsNSSCallbacks.cpp.
8 8
9 /* ***** BEGIN LICENSE BLOCK ***** 9 /* ***** BEGIN LICENSE BLOCK *****
10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 10 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
(...skipping 2762 matching lines...) Expand 10 before | Expand all | Expand 10 after
2773 } 2773 }
2774 2774
2775 for (std::vector<uint16>::const_iterator it = 2775 for (std::vector<uint16>::const_iterator it =
2776 ssl_config_.disabled_cipher_suites.begin(); 2776 ssl_config_.disabled_cipher_suites.begin();
2777 it != ssl_config_.disabled_cipher_suites.end(); ++it) { 2777 it != ssl_config_.disabled_cipher_suites.end(); ++it) {
2778 // This will fail if the specified cipher is not implemented by NSS, but 2778 // This will fail if the specified cipher is not implemented by NSS, but
2779 // the failure is harmless. 2779 // the failure is harmless.
2780 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE); 2780 SSL_CipherPrefSet(nss_fd_, *it, PR_FALSE);
2781 } 2781 }
2782 2782
2783 if (!ssl_config_.enable_deprecated_cipher_suites) { 2783 if (!ssl_config_.rc4_enabled) {
2784 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers(); 2784 const PRUint16* const ssl_ciphers = SSL_GetImplementedCiphers();
2785 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers(); 2785 const PRUint16 num_ciphers = SSL_GetNumImplementedCiphers();
2786 for (int i = 0; i < num_ciphers; i++) { 2786 for (int i = 0; i < num_ciphers; i++) {
2787 SSLCipherSuiteInfo info; 2787 SSLCipherSuiteInfo info;
2788 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) != 2788 if (SSL_GetCipherSuiteInfo(ssl_ciphers[i], &info, sizeof(info)) !=
2789 SECSuccess) { 2789 SECSuccess) {
2790 continue; 2790 continue;
2791 } 2791 }
2792 if (info.symCipher == ssl_calg_rc4) 2792 if (info.symCipher == ssl_calg_rc4)
2793 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); 2793 SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE);
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after
2899 case SSL_PROTOCOL_VERSION_TLS1_1: 2899 case SSL_PROTOCOL_VERSION_TLS1_1:
2900 peer_id += "tls1.1"; 2900 peer_id += "tls1.1";
2901 break; 2901 break;
2902 case SSL_PROTOCOL_VERSION_TLS1_2: 2902 case SSL_PROTOCOL_VERSION_TLS1_2:
2903 peer_id += "tls1.2"; 2903 peer_id += "tls1.2";
2904 break; 2904 break;
2905 default: 2905 default:
2906 NOTREACHED(); 2906 NOTREACHED();
2907 } 2907 }
2908 peer_id += "/"; 2908 peer_id += "/";
2909 if (ssl_config_.enable_deprecated_cipher_suites) 2909 if (ssl_config_.deprecated_cipher_suites_enabled)
2910 peer_id += "deprecated"; 2910 peer_id += "deprecated";
2911 2911
2912 peer_id += "/"; 2912 peer_id += "/";
2913 if (ssl_config_.channel_id_enabled) 2913 if (ssl_config_.channel_id_enabled)
2914 peer_id += "channelid"; 2914 peer_id += "channelid";
2915 2915
2916 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str())); 2916 SECStatus rv = SSL_SetSockPeerID(nss_fd_, const_cast<char*>(peer_id.c_str()));
2917 if (rv != SECSuccess) 2917 if (rv != SECSuccess)
2918 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str()); 2918 LogFailedNSSFunction(net_log_, "SSL_SetSockPeerID", peer_id.c_str());
2919 2919
(...skipping 269 matching lines...) Expand 10 before | Expand all | Expand 10 after
3189 return channel_id_service_; 3189 return channel_id_service_;
3190 } 3190 }
3191 3191
3192 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const { 3192 SSLFailureState SSLClientSocketNSS::GetSSLFailureState() const {
3193 if (completed_handshake_) 3193 if (completed_handshake_)
3194 return SSL_FAILURE_NONE; 3194 return SSL_FAILURE_NONE;
3195 return SSL_FAILURE_UNKNOWN; 3195 return SSL_FAILURE_UNKNOWN;
3196 } 3196 }
3197 3197
3198 } // namespace net 3198 } // namespace net
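Review bot: The session-cache peer ID at new line 2909 is sharded on `ssl_config_.deprecated_cipher_suites_enabled`, while the RC4 filter at new line 2783 is now gated on `ssl_config_.rc4_enabled`, so the cache shard no longer visibly tracks the flag that decides whether RC4 suites are offered. If the two fields can differ for the same peer (their definitions are not in this file section), sockets with different RC4 policy would share one session-cache shard; please confirm that a resumed session cannot bring back an RC4 suite on a socket where `rc4_enabled` is false, or add a second component to `peer_id` next to `"deprecated"`. A short comment above the 2783 block, such as `// RC4 suites are disabled unless rc4_enabled is set.`, would also document the new gate. Both enclosing functions begin and end outside the shown hunks.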