
Side by Side Diff: components/ssl_config/ssl_config_service_manager_pref.cc

Issue 1682623002: Disable the TLS version fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 4 years, 10 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 #include "components/ssl_config/ssl_config_service_manager.h" 4 #include "components/ssl_config/ssl_config_service_manager.h"
5 5
6 #include <stdint.h> 6 #include <stdint.h>
7 7
8 #include <algorithm> 8 #include <algorithm>
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
(...skipping 179 matching lines...) Expand 10 before | Expand all | Expand 10 after
190 PrefService* local_state, 190 PrefService* local_state,
191 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) 191 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner)
192 : ssl_config_service_(new SSLConfigServicePref(io_task_runner)), 192 : ssl_config_service_(new SSLConfigServicePref(io_task_runner)),
193 io_task_runner_(io_task_runner) { 193 io_task_runner_(io_task_runner) {
194 DCHECK(local_state); 194 DCHECK(local_state);
195 195
196 local_state->SetDefaultPrefValue( 196 local_state->SetDefaultPrefValue(
197 ssl_config::prefs::kRC4Enabled, 197 ssl_config::prefs::kRC4Enabled,
198 new base::FundamentalValue(IsRC4EnabledByDefault())); 198 new base::FundamentalValue(IsRC4EnabledByDefault()));
199 199
200 // TODO(davidben): Remove this when the fallback removal has succeeded.
201 local_state->SetDefaultPrefValue(
202 ssl_config::prefs::kSSLVersionFallbackMin,
203 new base::StringValue(
204 base::FieldTrialList::FindFullName("SSLVersionFallbackMin")));
Ryan Sleevi 2016/02/09 02:16:12 I think you want to indirect this through a functi
davidben 2016/02/09 02:58:36 I believe these get called at a point where fetch
davidben 2016/02/09 02:59:08 (I believe it's the empty string, not "Default".)
Ryan Sleevi 2016/02/09 03:28:43 I don't believe the RC4 one would necessarily work
davidben 2016/02/09 05:11:56 It works. It's pretty easy to test this with --for
205
200 PrefChangeRegistrar::NamedChangeCallback local_state_callback = 206 PrefChangeRegistrar::NamedChangeCallback local_state_callback =
201 base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged, 207 base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,
202 base::Unretained(this), local_state); 208 base::Unretained(this), local_state);
203 209
204 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled, 210 rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled,
205 local_state, local_state_callback); 211 local_state, local_state_callback);
206 rev_checking_required_local_anchors_.Init( 212 rev_checking_required_local_anchors_.Init(
207 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors, 213 ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
208 local_state, local_state_callback); 214 local_state, local_state_callback);
209 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state, 215 ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state,
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after
287 uint16_t version_max = SSLProtocolVersionFromString(version_max_str); 293 uint16_t version_max = SSLProtocolVersionFromString(version_max_str);
288 uint16_t version_fallback_min = 294 uint16_t version_fallback_min =
289 SSLProtocolVersionFromString(version_fallback_min_str); 295 SSLProtocolVersionFromString(version_fallback_min_str);
290 if (version_min) { 296 if (version_min) {
291 config->version_min = version_min; 297 config->version_min = version_min;
292 } 298 }
293 if (version_max) { 299 if (version_max) {
294 uint16_t supported_version_max = config->version_max; 300 uint16_t supported_version_max = config->version_max;
295 config->version_max = std::min(supported_version_max, version_max); 301 config->version_max = std::min(supported_version_max, version_max);
296 } 302 }
297 if (version_fallback_min) { 303 // Values below TLS 1.1 are invalid.
304 if (version_fallback_min &&
305 version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {
298 config->version_fallback_min = version_fallback_min; 306 config->version_fallback_min = version_fallback_min;
299 } 307 }
300 config->disabled_cipher_suites = disabled_cipher_suites_; 308 config->disabled_cipher_suites = disabled_cipher_suites_;
301 config->rc4_enabled = rc4_enabled_.GetValue(); 309 config->rc4_enabled = rc4_enabled_.GetValue();
302 } 310 }
303 311
304 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange( 312 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
305 PrefService* local_state) { 313 PrefService* local_state) {
306 const base::ListValue* value = 314 const base::ListValue* value =
307 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist); 315 local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist);
308 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value)); 316 disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
309 } 317 }
310 318
311 //////////////////////////////////////////////////////////////////////////////// 319 ////////////////////////////////////////////////////////////////////////////////
312 // SSLConfigServiceManager 320 // SSLConfigServiceManager
313 321
314 namespace ssl_config { 322 namespace ssl_config {
315 // static 323 // static
316 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager( 324 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
317 PrefService* local_state, 325 PrefService* local_state,
318 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) { 326 const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) {
319 return new SSLConfigServiceManagerPref(local_state, io_task_runner); 327 return new SSLConfigServiceManagerPref(local_state, io_task_runner);
320 } 328 }
321 329
322 // static 330 // static
323 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) { 331 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
324 SSLConfigServiceManagerPref::RegisterPrefs(registry); 332 SSLConfigServiceManagerPref::RegisterPrefs(registry);
325 } 333 }
326 } // namespace ssl_config 334 } // namespace ssl_config
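Review bot: In the new guard at lines 303–305, a configured fallback floor below TLS 1.1 is dropped silently, and the comment `// Values below TLS 1.1 are invalid.` does not say what takes effect instead. Since this setting bounds how far a handshake may be downgraded, I would spell out the outcome, e.g. `// Values below TLS 1.1 are invalid and are ignored; config keeps its existing version_fallback_min.` The leading `version_fallback_min &&` test also looks redundant next to the `>=` comparison, assuming the constant is non-zero, so the condition could be just `if (version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {`. The enclosing function begins in the skipped lines above this hunk, so how `version_fallback_min_str` is read is not visible here.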