Remove DHE.

components/ssl_config/ssl_config_service_manager_pref.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "components/ssl_config/ssl_config_service_manager.h"
 
 #include <stdint.h>
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
+#include "base/feature_list.h"
 #include "base/location.h"
 #include "base/macros.h"
 #include "base/single_thread_task_runner.h"
 #include "base/strings/string_util.h"
 #include "base/values.h"
 #include "components/content_settings/core/browser/content_settings_utils.h"
 #include "components/content_settings/core/common/content_settings.h"
 #include "components/prefs/pref_change_registrar.h"
 #include "components/prefs/pref_member.h"
 #include "components/prefs/pref_registry_simple.h"
@@ skipping 52 matching lines @@
   if (version_str == switches::kSSLVersionTLSv1) {
     version = net::SSL_PROTOCOL_VERSION_TLS1;
   } else if (version_str == switches::kSSLVersionTLSv11) {
     version = net::SSL_PROTOCOL_VERSION_TLS1_1;
   } else if (version_str == switches::kSSLVersionTLSv12) {
     version = net::SSL_PROTOCOL_VERSION_TLS1_2;
   }
   return version;
 }
 
+const base::Feature kDHECiphersFeature{
+    "DHECiphers", base::FEATURE_DISABLED_BY_DEFAULT,
+};
+
 }  // namespace
 
 ////////////////////////////////////////////////////////////////////////////////
 //  SSLConfigServicePref
 
 // An SSLConfigService which stores a cached version of the current SSLConfig
 // prefs, which are updated by SSLConfigServiceManagerPref when the prefs
 // change.
 class SSLConfigServicePref : public net::SSLConfigService {
  public:
@@ skipping 66 matching lines @@
   void OnDisabledCipherSuitesChange(PrefService* local_state);
 
   PrefChangeRegistrar local_state_change_registrar_;
 
   // The local_state prefs (should only be accessed from UI thread)
   BooleanPrefMember rev_checking_enabled_;
   BooleanPrefMember rev_checking_required_local_anchors_;
   StringPrefMember ssl_version_min_;
   StringPrefMember ssl_version_max_;
   StringPrefMember ssl_version_fallback_min_;
+  BooleanPrefMember dhe_enabled_;
 
   // The cached list of disabled SSL cipher suites.
   std::vector<uint16_t> disabled_cipher_suites_;
 
   scoped_refptr<SSLConfigServicePref> ssl_config_service_;
 
   scoped_refptr<base::SingleThreadTaskRunner> io_task_runner_;
 
   DISALLOW_COPY_AND_ASSIGN(SSLConfigServiceManagerPref);
 };
 
 SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
     PrefService* local_state,
     const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner)
     : ssl_config_service_(new SSLConfigServicePref(io_task_runner)),
       io_task_runner_(io_task_runner) {
   DCHECK(local_state);
 
+  // Restore DHE-based ciphers if enabled via features.
+  // TODO(davidben): Remove this when the removal has succeeded.
+  // https://crbug.com/619194.
+  if (base::FeatureList::IsEnabled(kDHECiphersFeature)) {
+    local_state->SetDefaultPrefValue(ssl_config::prefs::kDHEEnabled,
+                                     new base::FundamentalValue(true));
+  }
+
   PrefChangeRegistrar::NamedChangeCallback local_state_callback =
       base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,
                  base::Unretained(this), local_state);
 
   rev_checking_enabled_.Init(ssl_config::prefs::kCertRevocationCheckingEnabled,
                              local_state, local_state_callback);
   rev_checking_required_local_anchors_.Init(
       ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
       local_state, local_state_callback);
   ssl_version_min_.Init(ssl_config::prefs::kSSLVersionMin, local_state,
                         local_state_callback);
   ssl_version_max_.Init(ssl_config::prefs::kSSLVersionMax, local_state,
                         local_state_callback);
   ssl_version_fallback_min_.Init(ssl_config::prefs::kSSLVersionFallbackMin,
                                  local_state, local_state_callback);
+  dhe_enabled_.Init(ssl_config::prefs::kDHEEnabled, local_state,
+                    local_state_callback);
 
   local_state_change_registrar_.Init(local_state);
   local_state_change_registrar_.Add(ssl_config::prefs::kCipherSuiteBlacklist,
                                     local_state_callback);
 
   OnDisabledCipherSuitesChange(local_state);
 
   // Initialize from UI thread.  This is okay as there shouldn't be anything on
   // the IO thread trying to access it yet.
   GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_);
 }
 
 // static
 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
   net::SSLConfig default_config;
   registry->RegisterBooleanPref(
       ssl_config::prefs::kCertRevocationCheckingEnabled,
       default_config.rev_checking_enabled);
   registry->RegisterBooleanPref(
       ssl_config::prefs::kCertRevocationCheckingRequiredLocalAnchors,
       default_config.rev_checking_required_local_anchors);
   registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMin,
                                std::string());
   registry->RegisterStringPref(ssl_config::prefs::kSSLVersionMax,
                                std::string());
   registry->RegisterStringPref(ssl_config::prefs::kSSLVersionFallbackMin,
                                std::string());
   registry->RegisterListPref(ssl_config::prefs::kCipherSuiteBlacklist);
+  registry->RegisterBooleanPref(ssl_config::prefs::kDHEEnabled,
+                                default_config.dhe_enabled);
 }
 
 net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
   return ssl_config_service_.get();
 }
 
 void SSLConfigServiceManagerPref::OnPreferenceChanged(
     PrefService* prefs,
     const std::string& pref_name_in) {
   DCHECK(prefs);
@@ skipping 36 matching lines @@
   if (version_max) {
     uint16_t supported_version_max = config->version_max;
     config->version_max = std::min(supported_version_max, version_max);
   }
   // Values below TLS 1.1 are invalid.
   if (version_fallback_min &&
       version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {
     config->version_fallback_min = version_fallback_min;
   }
   config->disabled_cipher_suites = disabled_cipher_suites_;
+  config->dhe_enabled = dhe_enabled_.GetValue();
 }
 
 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
     PrefService* local_state) {
   const base::ListValue* value =
       local_state->GetList(ssl_config::prefs::kCipherSuiteBlacklist);
   disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
 }
 
 ////////////////////////////////////////////////////////////////////////////////
 //  SSLConfigServiceManager
 
 namespace ssl_config {
 // static
 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
     PrefService* local_state,
     const scoped_refptr<base::SingleThreadTaskRunner>& io_task_runner) {
   return new SSLConfigServiceManagerPref(local_state, io_task_runner);
 }
 
 // static
 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
   SSLConfigServiceManagerPref::RegisterPrefs(registry);
 }
 }  // namespace ssl_config