Index: net/socket/ssl_client_socket_openssl.cc |
=================================================================== |
--- net/socket/ssl_client_socket_openssl.cc (revision 207033) |
+++ net/socket/ssl_client_socket_openssl.cc (working copy) |
@@ -194,7 +194,9 @@ |
case SSL_ERROR_WANT_WRITE: |
return ERR_IO_PENDING; |
case SSL_ERROR_SYSCALL: |
- DVLOG(1) << "OpenSSL SYSCALL error, errno " << errno; |
+ LOG(ERROR) << "OpenSSL SYSCALL error, earliest error code in " |
+ "error queue: " << ERR_peek_error() << ", errno: " |
+ << errno; |
wtc
2013/06/19 16:53:53
Note: I am printing the errno as the original code
|
return ERR_SSL_PROTOCOL_ERROR; |
case SSL_ERROR_SSL: |
return MapOpenSSLErrorSSL(); |
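Review bot: In the `SSL_ERROR_SYSCALL` case, `errno` is read inside the `LOG(ERROR)` stream expression, after the log message object has been set up and `ERR_peek_error()` has probably already run, so the printed value may no longer be the one set by the failed syscall. Capture it first with `const int saved_errno = errno;` just above the `LOG` and stream `saved_errno` instead. The move from `DVLOG(1)` to `LOG(ERROR)` also means this line is emitted in release builds for a condition a remote peer can presumably trigger at will, for example by resetting the connection. Consider whether a lower severity or some rate limiting is needed so that one noisy endpoint cannot flood the log. The enclosing function starts and ends outside the hunk.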
@@ -530,8 +532,9 @@ |
STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl_); |
DCHECK(ciphers); |
// See SSLConfig::disabled_cipher_suites for description of the suites |
- // disabled by default. |
- std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA"); |
+ // disabled by default. Note that !SHA384 only removes HMAC-SHA384 cipher |
+ // suites, not GCM cipher suites with SHA384 as the handshake hash. |
+ std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!SRP:!SHA384:!aECDH"); |
Ryan Sleevi
2013/06/18 23:00:34
Does this also disable SHA-384 from the Signature
wtc
2013/06/19 01:25:16
No. The supported_signature_algorithms list in Ope
|
// Walk through all the installed ciphers, seeing if any need to be |
// appended to the cipher removal |command|. |
for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) { |
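Review bot: The comment added above `std::string command(...)` explains only `!SHA384`, while `!SRP` and `!aECDH` are added to the same string with no rationale. A reader auditing the enabled cipher suites cannot tell from the code why these two classes are excluded. I would extend the comment with something like `// !SRP removes the SRP suites; !aECDH removes suites authenticated with fixed-ECDH certificates.`, plus the reason each is unwanted here. Because the exclusions depend on how the linked OpenSSL interprets these aliases, a unit test asserting that no SRP, aECDH or HMAC-SHA384 suite remains would catch a silent change after a library update. The enclosing function and the `for` loop on the last line continue outside the hunk.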