| OLD | NEW |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/socket/nss_ssl_util.h" | 5 #include "net/socket/nss_ssl_util.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <secerr.h> | 8 #include <secerr.h> |
| 9 #include <ssl.h> | 9 #include <ssl.h> |
| 10 #include <sslerr.h> | 10 #include <sslerr.h> |
| (...skipping 130 matching lines...) |
| 141 | 141 |
| 142 // Calculate the order of ciphers that we'll use for NSS sockets. (Note | 142 // Calculate the order of ciphers that we'll use for NSS sockets. (Note |
| 143 // that, even if a cipher is specified in the ordering, it must still be | 143 // that, even if a cipher is specified in the ordering, it must still be |
| 144 // enabled in order to be included in a ClientHello.) | 144 // enabled in order to be included in a ClientHello.) |
| 145 // | 145 // |
| 146 // Our top preference cipher suites are either forward-secret AES-GCM or | 146 // Our top preference cipher suites are either forward-secret AES-GCM or |
| 147 // forward-secret ChaCha20-Poly1305. If the local machine has AES-NI then | 147 // forward-secret ChaCha20-Poly1305. If the local machine has AES-NI then |
| 148 // we prefer AES-GCM, otherwise ChaCha20. The remainder of the cipher suite | 148 // we prefer AES-GCM, otherwise ChaCha20. The remainder of the cipher suite |
| 149 // preference is inheriented from NSS. */ | 149 // preference is inheriented from NSS. */ |
| 150 static const uint16_t chacha_ciphers[] = { | 150 static const uint16_t chacha_ciphers[] = { |
| 151 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, | 151 TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, |
| 152 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, 0, | 152 TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, |
| 153 TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, 0, |
| 153 }; | 154 }; |
| 154 static const uint16_t aes_gcm_ciphers[] = { | 155 static const uint16_t aes_gcm_ciphers[] = { |
| 155 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, | 156 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, |
| 156 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, | 157 TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, |
| 157 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 0, | 158 TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, 0, |
| 158 }; | 159 }; |
| 159 scoped_ptr<uint16_t[]> ciphers(new uint16_t[num_ciphers]); | 160 scoped_ptr<uint16_t[]> ciphers(new uint16_t[num_ciphers]); |
| 160 memcpy(ciphers.get(), ssl_ciphers, sizeof(uint16_t) * num_ciphers); | 161 memcpy(ciphers.get(), ssl_ciphers, sizeof(uint16_t) * num_ciphers); |
| 161 | 162 |
| 162 if (CiphersRemove(chacha_ciphers, ciphers.get(), num_ciphers) && | 163 if (CiphersRemove(chacha_ciphers, ciphers.get(), num_ciphers) && |
| (...skipping 239 matching lines...) |
| 402 base::Bind(&NetLogSSLFailedNSSFunctionCallback, | 403 base::Bind(&NetLogSSLFailedNSSFunctionCallback, |
| 403 function, param, PR_GetError())); | 404 function, param, PR_GetError())); |
| 404 } | 405 } |
| 405 | 406 |
| 406 NetLog::ParametersCallback CreateNetLogSSLErrorCallback(int net_error, | 407 NetLog::ParametersCallback CreateNetLogSSLErrorCallback(int net_error, |
| 407 int ssl_lib_error) { | 408 int ssl_lib_error) { |
| 408 return base::Bind(&NetLogSSLErrorCallback, net_error, ssl_lib_error); | 409 return base::Bind(&NetLogSSLErrorCallback, net_error, ssl_lib_error); |
| 409 } | 410 } |
| 410 | 411 |
| 411 } // namespace net | 412 } // namespace net |
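Review bot: In `chacha_ciphers` (new lines 150-154) the `0` sentinel had to be moved by hand from the ECDHE_RSA line to the newly appended DHE_RSA line, and it still shares a line with the last suite, so the next append can easily drop or duplicate it. `CiphersRemove` is not visible here, but it receives the array without a length and presumably stops at that `0`, so a missing sentinel would likely mean a read past the end of the array; putting it on its own line as `0,  // terminator` in both `chacha_ciphers` and `aes_gcm_ciphers` would make that harder to get wrong. Separately, the list now matches only the `_SHA256`-named ChaCha20 suites: if the previously named suites can still appear in `ssl_ciphers`, they would no longer be moved by the AES-NI preference logic and would keep their NSS default position, which is worth confirming. The enclosing function starts and ends in the skipped lines, so the enabled-suite handling for the new DHE_RSA entry cannot be checked from this page.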
| OLD | NEW |