
Side by Side Diff: net/socket/ssl_client_socket_unittest.cc

Issue 2056343006: Remove DHE. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: fix comment Created 4 years, 6 months ago
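--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <utility>
@@ -2618,36 +2618,47 @@
 // offer the > TLS 1.0 session, so this must have been the session from the
 // first fallback connection.
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv));
 EXPECT_EQ(OK, rv);
 EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
 EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
 EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
 SSLConnectionStatusToVersion(ssl_info.connection_status));
 }
 
-// Test that DHE is only enabled if deprecated_cipher_suites_enabled is set.
-TEST_F(SSLClientSocketTest, DHEDeprecated) {
+// Test that DHE is removed but gives a dedicated error. Also test that the
+// dhe_enabled option can restore it.
+TEST_F(SSLClientSocketTest, DHE) {
 SpawnedTestServer::SSLOptions ssl_options;
 ssl_options.key_exchanges =
 SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
 ASSERT_TRUE(StartTestServer(ssl_options));
 
-// Normal handshakes with DHE do not work.
+// Normal handshakes with DHE do not work, with or without DHE enabled.
 SSLConfig ssl_config;
 int rv;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
 
-// Enabling deprecated ciphers works fine.
+ssl_config.dhe_enabled = true;
+ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
+
+// Enabling deprecated ciphers gives DHE a dedicated error code.
+ssl_config.dhe_enabled = false;
 ssl_config.deprecated_cipher_suites_enabled = true;
 ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+EXPECT_EQ(ERR_SSL_OBSOLETE_CIPHER, rv);
+
+// Enabling both deprecated ciphers and DHE restores it.
+ssl_config.dhe_enabled = true;
+ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
 EXPECT_EQ(OK, rv);
 }
 
 // Tests that enabling deprecated ciphers shards the session cache.
 TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) {
 ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
 // Prepare a normal and deprecated SSL config.
 SSLConfig ssl_config;
 SSLConfig deprecated_ssl_config;
@@ -3330,10 +3341,10 @@
 SSLInfo ssl_info;
 ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 
 EXPECT_EQ(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN, rv);
 EXPECT_TRUE(sock_->IsConnected());
 
 EXPECT_FALSE(ssl_info.pkp_bypassed);
 }
 
 } // namespace net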
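Review bot: The header comment on `TEST_F(SSLClientSocketTest, DHE)` says the `dhe_enabled` option can restore DHE, but the second case in the body shows `dhe_enabled = true` on its own still returns `ERR_SSL_VERSION_OR_CIPHER_MISMATCH`; only the last case, with `deprecated_cipher_suites_enabled` also set, reaches `OK`. Because this test is the visible record of which configuration still permits a DHE handshake, the comment should name both flags, e.g. `// Test that DHE is rejected by default, reports ERR_SSL_OBSOLETE_CIPHER when deprecated ciphers are enabled, and is only negotiated when both dhe_enabled and deprecated_cipher_suites_enabled are set.` The inline comment `with or without DHE enabled` would be more precise as `with or without dhe_enabled set`. The final case asserts only `OK`; reading `ssl_info.connection_status` through `GetSSLInfo`, as the test directly above does, would additionally pin that the successful connection actually used the DHE suite.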
