
Unified Diff: net/ssl/ssl_cipher_suite_names.cc

Issue 1727133002: Expose TLS settings in the Security panel overview, and call out individual obsolete settings. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Also check that connection_status is not zero, which is the case for 3 browser tests. Created 4 years, 4 months ago
Index: net/ssl/ssl_cipher_suite_names.cc
diff --git a/net/ssl/ssl_cipher_suite_names.cc b/net/ssl/ssl_cipher_suite_names.cc
index 6f33b8f928fcb766264c5198ac9e0e1e7df99ee5..e2f5e88e5efd66cbfafc9f9df8b79d4415426540 100644
--- a/net/ssl/ssl_cipher_suite_names.cc
+++ b/net/ssl/ssl_cipher_suite_names.cc
@@ -305,6 +305,52 @@ bool GetCipherProperties(uint16_t cipher_suite,
return true;
}
+int ObsoleteSSLStatusForProtocol(int ssl_version) {
+ int obsolete_ssl = net::OBSOLETE_SSL_NONE;
+ if (ssl_version < net::SSL_CONNECTION_VERSION_TLS1_2)
+ obsolete_ssl |= net::OBSOLETE_SSL_MASK_PROTOCOL;
+ return obsolete_ssl;
+}
+
+int ObsoleteSSLStatusForCipherSuite(uint16_t cipher_suite) {
+ int obsolete_ssl = net::OBSOLETE_SSL_NONE;
+
+ int key_exchange, cipher, mac;
+ if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac)) {
+ // Cannot determine/unknown cipher suite. Err on the side of caution.
+ obsolete_ssl |= net::OBSOLETE_SSL_MASK_KEY_EXCHANGE;
+ obsolete_ssl |= net::OBSOLETE_SSL_MASK_CIPHER;
+ return obsolete_ssl;
+ }
+
+ // Only allow ECDHE key exchanges.
+ switch (key_exchange) {
+ case 14: // ECDHE_ECDSA
+ case 16: // ECDHE_RSA
+ case 18: // CECPQ1_RSA
+ case 19: // CECPQ1_ECDSA
+ case 20: // ECDHE_PSK
+ break;
+ default:
+ obsolete_ssl |= net::OBSOLETE_SSL_MASK_KEY_EXCHANGE;
+ }
+
+ switch (cipher) {
+ case 13: // AES_128_GCM
+ case 14: // AES_256_GCM
+ case 17: // CHACHA20_POLY1305
+ break;
+ default:
+ obsolete_ssl |= net::OBSOLETE_SSL_MASK_CIPHER;
+ }
+
+ // Only AEADs allowed.
+ if (mac != kAEADMACValue)
+ obsolete_ssl |= net::OBSOLETE_SSL_MASK_CIPHER;
+
+ return obsolete_ssl;
+}
+
} // namespace
namespace net {
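Review bot: The two `switch` statements in `ObsoleteSSLStatusForCipherSuite` decide what counts as modern key exchange and cipher by matching bare integers (`case 16: // ECDHE_RSA`, `case 13: // AES_128_GCM`), and only the trailing comments say what they mean. These values presumably index lookup tables defined earlier in this file, outside the hunk, so a reordered or extended table would silently change the allow-list without any compile error. I would give each accepted value a named constant next to the table it indexes, for example `constexpr int kKeyExchangeECDHE_RSA = 16;`, and use those in the `case` labels. Separately, the `mac != kAEADMACValue` branch sets `OBSOLETE_SSL_MASK_CIPHER`; a one-line comment such as `// A non-AEAD MAC is reported as an obsolete cipher.` would show that the shared bit is deliberate.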
@@ -374,37 +420,16 @@ bool ParseSSLCipherString(const std::string& cipher_string,
return false;
}
-bool IsSecureTLSCipherSuite(uint16_t cipher_suite) {
- int key_exchange, cipher, mac;
- if (!GetCipherProperties(cipher_suite, &key_exchange, &cipher, &mac))
- return false;
-
- // Only allow ECDHE key exchanges.
- switch (key_exchange) {
- case 14: // ECDHE_ECDSA
- case 16: // ECDHE_RSA
- case 18: // CECPQ1_RSA
- case 19: // CECPQ1_ECDSA
- case 20: // ECDHE_PSK
- break;
- default:
- return false;
- }
+int ObsoleteSSLStatus(int connection_status) {
+ int obsolete_ssl = OBSOLETE_SSL_NONE;
- switch (cipher) {
- case 13: // AES_128_GCM
- case 14: // AES_256_GCM
- case 17: // CHACHA20_POLY1305
- break;
- default:
- return false;
- }
+ int ssl_version = SSLConnectionStatusToVersion(connection_status);
+ obsolete_ssl |= ObsoleteSSLStatusForProtocol(ssl_version);
- // Only AEADs allowed.
- if (mac != kAEADMACValue)
- return false;
+ uint16_t cipher_suite = SSLConnectionStatusToCipherSuite(connection_status);
+ obsolete_ssl |= ObsoleteSSLStatusForCipherSuite(cipher_suite);
- return true;
+ return obsolete_ssl;
}
bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite) {
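Review bot: `ObsoleteSSLStatus` does not document or handle an unset `connection_status`, although the patch-set description says a zero value occurs in browser tests. A zero presumably decodes to an unknown version and suite, so every obsolete bit would come back set; that fails closed, but it is indistinguishable from a genuinely obsolete connection. I would state the contract above the definition, e.g. `// Returns a bitmask of OBSOLETE_SSL_* flags. |connection_status| must be non-zero; callers check for missing connection info first.` The return sense is also inverted relative to the removed `IsSecureTLSCipherSuite` (non-zero now means a problem), so call sites should compare against `OBSOLETE_SSL_NONE` explicitly rather than rely on truthiness.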