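--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <utility>
 #include <vector>
 
@@ -1429,78 +1429,48 @@
 (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH ||
 error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) {
 net_log_.AddEvent(
 NetLog::TYPE_SSL_CIPHER_FALLBACK,
 base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error));
 server_ssl_config_.deprecated_cipher_suites_enabled = true;
 ResetConnectionAndRequestForResend();
 return OK;
 }
 
+// TODO(davidben): Remove this code once the dedicated error code is no
+// longer needed and the flags to re-enable the fallback expire.
 bool should_fallback = false;
 uint16_t version_max = server_ssl_config_.version_max;
 
 switch (error) {
+// This could be a TLS-intolerant server or a server that chose a
+// cipher suite defined only for higher protocol versions (such as
+// an TLS 1.1 server that chose a TLS-1.2-only cipher suite). Fall
+// back to the next lower version and retry.
 case ERR_CONNECTION_CLOSED:
 case ERR_SSL_PROTOCOL_ERROR:
 case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
-if (version_max >= SSL_PROTOCOL_VERSION_TLS1 &&
+// Some servers trigger the TLS 1.1 fallback with ERR_CONNECTION_RESET
+// (https://crbug.com/433406).
+case ERR_CONNECTION_RESET:
+// This was added for the TLS 1.0 fallback (https://crbug.com/260358) which
+// has since been removed, but other servers may be relying on it for the
+// TLS 1.1 fallback. It will be removed with the remainder of the fallback.
+case ERR_SSL_BAD_RECORD_MAC_ALERT:
+// Fallback down to a TLS 1.1 ClientHello. By default, this is rejected
+// but surfaces ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION to help diagnose
+// server bugs.
+if (version_max >= SSL_PROTOCOL_VERSION_TLS1_2 &&
 version_max > server_ssl_config_.version_min) {
-// This could be a TLS-intolerant server or a server that chose a
-// cipher suite defined only for higher protocol versions (such as
-// an SSL 3.0 server that chose a TLS-only cipher suite). Fall
-// back to the next lower version and retry.
-// NOTE: if the SSLClientSocket class doesn't support TLS 1.1,
-// specifying TLS 1.1 in version_max will result in a TLS 1.0
-// handshake, so falling back from TLS 1.1 to TLS 1.0 will simply
-// repeat the TLS 1.0 handshake. To avoid this problem, the default
-// version_max should match the maximum protocol version supported
-// by the SSLClientSocket class.
-version_max--;
-
-// Fallback to the lower SSL version.
-// While SSL 3.0 fallback should be eliminated because of security
-// reasons, there is a high risk of breaking the servers if this is
-// done in general.
-should_fallback = true;
-}
-break;
-case ERR_CONNECTION_RESET:
-if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
-version_max > server_ssl_config_.version_min) {
-// Some network devices that inspect application-layer packets seem to
-// inject TCP reset packets to break the connections when they see TLS
-// 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
-//
-// Only allow ERR_CONNECTION_RESET to trigger a fallback from TLS 1.1 or
-// 1.2. We don't lose much in this fallback because the explicit IV for
-// CBC mode in TLS 1.1 is approximated by record splitting in TLS
-// 1.0. The fallback will be more painful for TLS 1.2 when we have GCM
-// support.
-//
-// ERR_CONNECTION_RESET is a common network error, so we don't want it
-// to trigger a version fallback in general, especially the TLS 1.0 ->
-// SSL 3.0 fallback, which would drop TLS extensions.
 version_max--;
 should_fallback = true;
 }
-break;
-case ERR_SSL_BAD_RECORD_MAC_ALERT:
-if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
-version_max > server_ssl_config_.version_min) {
-// Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or
-// 1.2 ClientHello, but then return a bad_record_mac alert. See
-// crbug.com/260358. In order to make the fallback as minimal as
-// possible, this fallback is only triggered for >= TLS 1.1.
-version_max--;
-should_fallback = true;
-}
 break;
 case ERR_SSL_INAPPROPRIATE_FALLBACK:
 // The server told us that we should not have fallen back. A buggy server
 // could trigger ERR_SSL_INAPPROPRIATE_FALLBACK with the initial
 // connection. |fallback_error_code_| is initialised to
 // ERR_SSL_INAPPROPRIATE_FALLBACK to catch this case.
 error = fallback_error_code_;
 break;
 }
 
@@ -1816,10 +1786,10 @@
 DCHECK(stream_request_);
 
 // Since the transaction can restart with auth credentials, it may create a
 // stream more than once. Accumulate all of the connection attempts across
 // those streams by appending them to the vector:
 for (const auto& attempt : stream_request_->connection_attempts())
 connection_attempts_.push_back(attempt);
 }
 
 } // namespace net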
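Review bot: The merged case list at new lines 1449–1458 lets ERR_CONNECTION_CLOSED and ERR_CONNECTION_RESET, errors an on-path attacker can produce at will by dropping or resetting the TCP connection during the TLS 1.2 handshake, trigger a retry with a TLS 1.1 ClientHello that gives up the TLS 1.2-only cipher suites (the removed comment at old line 1477 already noted this fallback is "more painful for TLS 1.2" once GCM is supported). The new comment at 1459–1461 says the retry is rejected by default and surfaces ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION, but neither that check nor the fallback SCSV that the ERR_SSL_INAPPROPRIATE_FALLBACK case at 1468 depends on is visible here, so the downgrade protection cannot be audited from this function alone. I'd extend that comment to say where the rejection is enforced and which flag the TODO at 1439–1440 means, e.g. `// The retry is refused unless the re-enable flag named in the TODO above is set; see the check that raises ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION.` The comment at 1447 also reads `an TLS 1.1 server`; it should be `a TLS 1.1 server`. The enclosing function starts before and ends after this hunk.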