Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(90)

Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 1422293002: Remove RC4 by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/socket/ssl_client_socket.h" 5 #include "net/socket/ssl_client_socket.h"
6 6
7 #include "base/callback_helpers.h" 7 #include "base/callback_helpers.h"
8 #include "base/location.h" 8 #include "base/location.h"
9 #include "base/memory/ref_counted.h" 9 #include "base/memory/ref_counted.h"
10 #include "base/run_loop.h" 10 #include "base/run_loop.h"
(...skipping 2484 matching lines...) Expand 10 before | Expand all | Expand 10 after
2495 // offer the > TLS 1.0 session, so this must have been the session from the 2495 // offer the > TLS 1.0 session, so this must have been the session from the
2496 // first fallback connection. 2496 // first fallback connection.
2497 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv)); 2497 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv));
2498 EXPECT_EQ(OK, rv); 2498 EXPECT_EQ(OK, rv);
2499 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2499 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2500 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type); 2500 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
2501 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1, 2501 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
2502 SSLConnectionStatusToVersion(ssl_info.connection_status)); 2502 SSLConnectionStatusToVersion(ssl_info.connection_status));
2503 } 2503 }
2504 2504
2505 // Test that RC4 is only enabled if enable_deprecated_cipher_suites is set. 2505 // Test that RC4 is only enabled if rc4_enabled is set.
2506 TEST_F(SSLClientSocketTest, DeprecatedRC4) { 2506 TEST_F(SSLClientSocketTest, RC4Enabled) {
2507 SpawnedTestServer::SSLOptions ssl_options; 2507 SpawnedTestServer::SSLOptions ssl_options;
2508 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4; 2508 ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4;
2509 ASSERT_TRUE(StartTestServer(ssl_options)); 2509 ASSERT_TRUE(StartTestServer(ssl_options));
2510 2510
2511 // Normal handshakes with RC4 do not work. 2511 // Normal handshakes with RC4 do not work.
2512 SSLConfig ssl_config; 2512 SSLConfig ssl_config;
2513 int rv; 2513 int rv;
2514 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2514 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2515 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv); 2515 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
2516 2516
2517 // Enabling deprecated ciphers works fine. 2517 // Enabling RC4 works fine.
2518 ssl_config.enable_deprecated_cipher_suites = true; 2518 ssl_config.rc4_enabled = true;
2519 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv)); 2519 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
2520 EXPECT_EQ(OK, rv); 2520 EXPECT_EQ(OK, rv);
2521 } 2521 }
2522 2522
2523 // Tests that enabling deprecated ciphers shards the session cache. 2523 // Tests that enabling deprecated ciphers shards the session cache.
2524 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) { 2524 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) {
2525 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions())); 2525 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
2526 2526
2527 // Prepare a normal and deprecated SSL config. 2527 // Prepare a normal and deprecated SSL config.
2528 SSLConfig ssl_config; 2528 SSLConfig ssl_config;
2529 SSLConfig deprecated_ssl_config; 2529 SSLConfig deprecated_ssl_config;
2530 deprecated_ssl_config.enable_deprecated_cipher_suites = true; 2530 deprecated_ssl_config.deprecated_cipher_suites_enabled = true;
2531 2531
2532 // Connect with deprecated ciphers enabled to warm the session cache cache. 2532 // Connect with deprecated ciphers enabled to warm the session cache cache.
2533 int rv; 2533 int rv;
2534 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv)); 2534 ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv));
2535 EXPECT_EQ(OK, rv); 2535 EXPECT_EQ(OK, rv);
2536 SSLInfo ssl_info; 2536 SSLInfo ssl_info;
2537 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info)); 2537 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
2538 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type); 2538 EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
2539 2539
2540 // Test that re-connecting with deprecated ciphers enabled still resumes. 2540 // Test that re-connecting with deprecated ciphers enabled still resumes.
(...skipping 474 matching lines...) Expand 10 before | Expand all | Expand 10 after
3015 int rv; 3015 int rv;
3016 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv)); 3016 ASSERT_TRUE(CreateAndConnectSSLClientSocket(client_config, &rv));
3017 EXPECT_EQ(OK, rv); 3017 EXPECT_EQ(OK, rv);
3018 3018
3019 std::string proto; 3019 std::string proto;
3020 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported, 3020 EXPECT_EQ(SSLClientSocket::kNextProtoUnsupported,
3021 sock_->GetNextProto(&proto)); 3021 sock_->GetNextProto(&proto));
3022 } 3022 }
3023 3023
3024 } // namespace net 3024 } // namespace net
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_openssl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698