components/ssl_config/ssl_config_service_manager_pref.cc - Issue 1682623002: Disable the TLS version fallback.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: components/ssl_config/ssl_config_service_manager_pref.cc

Issue 1682623002: Disable the TLS version fallback. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: base::FeatureList Created 4 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« components/policy/resources/policy_templates.json ('K') | « components/policy/resources/policy_templates.json ('k') | components/ssl_config/ssl_config_service_manager_pref_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: components/ssl_config/ssl_config_service_manager_pref.cc

diff --git a/components/ssl_config/ssl_config_service_manager_pref.cc b/components/ssl_config/ssl_config_service_manager_pref.cc

index 8d8cf5ce4b90897a42b0ea1975187a0a149532e6..3228d922865a88d89d457e526f317e8674e22b8f 100644

--- a/components/ssl_config/ssl_config_service_manager_pref.cc

+++ b/components/ssl_config/ssl_config_service_manager_pref.cc

@@ -10,6 +10,7 @@

#include <vector>

#include "base/bind.h"

+#include "base/feature_list.h"

#include "base/macros.h"

#include "base/metrics/field_trial.h"

#include "base/single_thread_task_runner.h"

@@ -88,6 +89,10 @@ bool IsRC4EnabledByDefault() {

return base::StartsWith(group_name, "Enabled", base::CompareCase::SENSITIVE);

}

+const base::Feature kSSLVersionFallbackTLSv11 = {

Alexei Svitkine (slow) 2016/02/16 16:25:04 Nit: No =

davidben 2016/02/16 17:01:08 Done.

+ "SSLVersionFallbackTLSv1.1", base::FEATURE_DISABLED_BY_DEFAULT,

+};

} // namespace

////////////////////////////////////////////////////////////////////////////////

@@ -197,6 +202,15 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(

ssl_config::prefs::kRC4Enabled,

new base::FundamentalValue(IsRC4EnabledByDefault()));

+ // Restore the TLS 1.1 fallback leg if enabled via features.

+ // TODO(davidben): Remove this when the fallback removal has succeeded.

+ // https://crbug.com/536200.

+ if (base::FeatureList::IsEnabled(kSSLVersionFallbackTLSv11)) {

+ local_state->SetDefaultPrefValue(

+ ssl_config::prefs::kSSLVersionFallbackMin,

+ new base::StringValue(switches::kSSLVersionTLSv11));

+ }

PrefChangeRegistrar::NamedChangeCallback local_state_callback =

base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,

base::Unretained(this), local_state);

@@ -294,7 +308,9 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(

uint16_t supported_version_max = config->version_max;

config->version_max = std::min(supported_version_max, version_max);

}

- if (version_fallback_min) {

+ // Values below TLS 1.1 are invalid.

+ if (version_fallback_min &&

+ version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {

config->version_fallback_min = version_fallback_min;

}

config->disabled_cipher_suites = disabled_cipher_suites_;