Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(188)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 17408011: Advertise support of only the NIST curves P-521, P-384, and P-256 to (Closed)

Created:
7 years, 6 months ago by wtc
Modified:
7 years, 6 months ago
Reviewers:
agl, wtc, Ryan Sleevi, digit1
CC:
chromium-reviews
Visibility:
Public.

Description

[Abandoned. I committed mckev's CL at https://codereview.chromium.org/17425002 instead.] Under some circumstances, certain TLS connections are dropped by certain remote servers when the TLS ClientHello record exceeds 256 bytes. This patch changes the number of ECC formats advertised in the ClientHello to exactly match the same formats advertised by the desktop version of Chromium during TLS negotiation, netting a savings of approximately 50 bytes in the ClientHello record. This effectively eliminates the occurrence of the issue. Patch is named with a 'z' to ensure it is applied after the other patches in the folder when import_from_android.sh is run, since that script processes patches in alphabetical order. Contributed by mckev@amazon.com. Original review URL: https://codereview.chromium.org/17425002 R=agl@chromium.org,digit@chromium.org,wtc@chromium.org BUG=245500 TEST= 1. With V25, Visit http://campusstatebank.com 2. Enter a fictitious username and click "Submit" 3. The "processing login" page appears. 4. Nothing happens. In some cases, the logo will fail to show. 5. With the proposed patch applied, visit http://campusstatebank.com 6. Enter a fictitious username and click "Submit" 7. The "processing login" page appears. 8. The browser is redirected to a page where the password can be entered.

Patch Set 1 #

Patch Set 2 : Based on patch set 2 of mckev's CL #

Patch Set 3 : Remove unneeded contents in z_reduce_client_hello_size.patch #

Patch Set 4 : Remove whitespaces in README.chromium #

Unified diffs Side-by-side diffs Delta from patch set Stats (+169 lines, -27 lines) Patch
M README.chromium View 1 2 3 1 chunk +4 lines, -0 lines 0 comments Download
M openssl/openssl.config View 1 2 chunks +5 lines, -0 lines 0 comments Download
A openssl/patches/reduce_client_hello_size.patch View 1 1 chunk +64 lines, -0 lines 0 comments Download
M openssl/ssl/t1_lib.c View 1 2 chunks +9 lines, -27 lines 0 comments Download
A patches.chromium/z_reduce_client_hello_size.patch View 1 2 1 chunk +87 lines, -0 lines 0 comments Download

Messages

Total messages: 3 (0 generated)
digit1
lgtm By the way, do you recommend to back port this patch to AOSP, or ...
7 years, 6 months ago (2013-06-21 20:47:07 UTC) #1
agl
LGTM
7 years, 6 months ago (2013-06-21 20:51:27 UTC) #2
wtc
7 years, 6 months ago (2013-06-24 17:55:58 UTC) #3
Message was sent while issue was closed. 
On 2013/06/21 20:47:07, digit1 wrote:
> 
> By the way, do you recommend to back port this patch to AOSP, or should we
keep
> it Chromium-specific?

digit1: I think this patch is also appropriate for AOSP.
Ideally, the OpenSSL upstream should provide a build option
for configuring these two lists (s->tlsext_ecpointformatlist
and s->tlsext_ellipticcurvelist) in ClientHello.

Also note that we had to name the patch in patches.chromium/
to start with "Z_" so that it is applied after
x509_hash_name_algorithm_change.patch. Can you come up with
a way to specify the order in which the Chromium-specific
patches are applied? Thanks.

Powered by Google App Engine
This is Rietveld 408576698