| Index: net/socket/ssl_client_socket_impl.cc
|
| diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
|
| index bcd66037690e803e7ded9f276660fcd24d328cea..80440a31172e9a3d39021cf7a6e3498473fd36b6 100644
|
| --- a/net/socket/ssl_client_socket_impl.cc
|
| +++ b/net/socket/ssl_client_socket_impl.cc
|
| @@ -1178,6 +1178,16 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
|
| return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
|
| }
|
|
|
| + // DHE is offered on the deprecated cipher fallback and then rejected
|
| + // afterwards. This is to aid in diagnosing connection failures because a
|
| + // server requires DHE ciphers.
|
| + //
|
| + // TODO(davidben): A few releases after DHE's removal, remove this logic.
|
| + if (!ssl_config_.dhe_enabled &&
|
| + SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_))) {
|
| + return ERR_SSL_OBSOLETE_CIPHER;
|
| + }
|
| +
|
| // Check that if token binding was negotiated, then extended master secret
|
| // must also be negotiated.
|
| if (tb_was_negotiated_ && !SSL_get_extms_support(ssl_))
|
|
|
Chromium Code Reviews
Issue 2056343006:
Remove DHE. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master