Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(691)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_impl.cc

Issue 2056343006: Remove DHE. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: actually connect up the feature flag Created 4 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/base/net_error_list.h ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_impl.cc
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 01acc54ffcfe0c1d2f14381263c74147f1adf978..8614a722e70648661abb8f44b61491ce7dd98b8b 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -1176,6 +1176,16 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
}
+ // DHE is offered on the deprecated cipher fallback and then rejected
+ // afterwards. This is to aid in diagnosing connection failures because a
+ // server requires DHE ciphers.
+ //
+ // TODO(davidben): A few releases after DHE's removal, remove this logic.
+ if (!ssl_config_.dhe_enabled &&
+ SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) {
+ return ERR_SSL_OBSOLETE_CIPHER;
+ }
+
// Check that if token binding was negotiated, then extended master secret
// must also be negotiated.
if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_))
« no previous file with comments | « net/base/net_error_list.h ('k') | net/socket/ssl_client_socket_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698