OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle | 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle |
6 // of operation is derived from SSLClientSocketNSS. | 6 // of operation is derived from SSLClientSocketNSS. |
7 | 7 |
8 #include "net/socket/ssl_client_socket_openssl.h" | 8 #include "net/socket/ssl_client_socket_openssl.h" |
9 | 9 |
10 #include <errno.h> | 10 #include <errno.h> |
881 | 881 |
882 // See SSLConfig::disabled_cipher_suites for description of the suites | 882 // See SSLConfig::disabled_cipher_suites for description of the suites |
883 // disabled by default. Note that SHA256 and SHA384 only select HMAC-SHA256 | 883 // disabled by default. Note that SHA256 and SHA384 only select HMAC-SHA256 |
884 // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384 | 884 // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384 |
885 // as the handshake hash. | 885 // as the handshake hash. |
886 std::string command("DEFAULT:!SHA256:-SHA384:!AESGCM+AES256:!aPSK"); | 886 std::string command("DEFAULT:!SHA256:-SHA384:!AESGCM+AES256:!aPSK"); |
887 | 887 |
888 if (ssl_config_.require_ecdhe) | 888 if (ssl_config_.require_ecdhe) |
889 command.append(":!kRSA:!kDHE"); | 889 command.append(":!kRSA:!kDHE"); |
890 | 890 |
891 if (!ssl_config_.enable_deprecated_cipher_suites) { | 891 if (!ssl_config_.rc4_enabled) |
892 command.append(":!RC4"); | 892 command.append(":!RC4"); |
893 } else { | 893 |
| 894 if (ssl_config_.deprecated_cipher_suites_enabled) { |
894 // Add TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 under a fallback. This is | 895 // Add TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 under a fallback. This is |
895 // believed to work around a bug in some out-of-date Microsoft IIS servers | 896 // believed to work around a bug in some out-of-date Microsoft IIS servers |
896 // which cause them to require the version downgrade | 897 // which cause them to require the version downgrade |
897 // (https://crbug.com/433406). | 898 // (https://crbug.com/433406). |
898 command.append(":ECDHE-RSA-AES256-SHA384"); | 899 command.append(":ECDHE-RSA-AES256-SHA384"); |
899 } | 900 } |
900 | 901 |
901 // Remove any disabled ciphers. | 902 // Remove any disabled ciphers. |
902 for (uint16_t id : ssl_config_.disabled_cipher_suites) { | 903 for (uint16_t id : ssl_config_.disabled_cipher_suites) { |
903 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); | 904 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); |
2046 result.append("tls1.1"); | 2047 result.append("tls1.1"); |
2047 break; | 2048 break; |
2048 case SSL_PROTOCOL_VERSION_TLS1_2: | 2049 case SSL_PROTOCOL_VERSION_TLS1_2: |
2049 result.append("tls1.2"); | 2050 result.append("tls1.2"); |
2050 break; | 2051 break; |
2051 default: | 2052 default: |
2052 NOTREACHED(); | 2053 NOTREACHED(); |
2053 } | 2054 } |
2054 | 2055 |
2055 result.append("/"); | 2056 result.append("/"); |
2056 if (ssl_config_.enable_deprecated_cipher_suites) | 2057 if (ssl_config_.deprecated_cipher_suites_enabled) |
2057 result.append("deprecated"); | 2058 result.append("deprecated"); |
2058 | 2059 |
2059 result.append("/"); | 2060 result.append("/"); |
2060 if (ssl_config_.channel_id_enabled) | 2061 if (ssl_config_.channel_id_enabled) |
2061 result.append("channelid"); | 2062 result.append("channelid"); |
2062 | 2063 |
2063 return result; | 2064 return result; |
2064 } | 2065 } |
2065 | 2066 |
2066 bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const { | 2067 bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const { |
2158 OnHandshakeIOComplete(signature_result_); | 2159 OnHandshakeIOComplete(signature_result_); |
2159 return; | 2160 return; |
2160 } | 2161 } |
2161 | 2162 |
2162 // During a renegotiation, either Read or Write calls may be blocked on an | 2163 // During a renegotiation, either Read or Write calls may be blocked on an |
2163 // asynchronous private key operation. | 2164 // asynchronous private key operation. |
2164 PumpReadWriteEvents(); | 2165 PumpReadWriteEvents(); |
2165 } | 2166 } |
2166 | 2167 |
2167 } // namespace net | 2168 } // namespace net |
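Review bot: The string assembled at new lines 2047–2064 records `deprecated_cipher_suites_enabled` but not the new `rc4_enabled`, although the cipher-list code at new lines 891–900 now reads the two flags independently. If that string is the TLS session cache key, as its protocol-version, `deprecated` and `channelid` components suggest (the function's start is outside the visible lines), sockets that differ only in `rc4_enabled` would share cached sessions. A session negotiated with RC4 could then be offered for resumption by a socket whose cipher list excludes RC4; depending on whether the TLS library re-checks the resumed cipher against the current list, that is either a failed handshake or a resumption under a cipher the configuration disallows. Unless `rc4_enabled` is guaranteed to be the same for every socket sharing the cache, I would add a component for it, e.g. `result.append("/"); if (ssl_config_.rc4_enabled) result.append("rc4");`, plus a comment stating that every flag that alters the cipher list must appear in the key.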