Description
TLS CECPQ1 (experimental post-quantum) ciphers.
These experimental and non-standard ciphers are an experiment in
post-quantum key exchange for TLS only (not QUIC). They are not
intended as a de facto standard and will be removed from Chrome in a
year or two.
The key exchange performs a New Hope (post-quantum) and X25519 key
exchange in parallel, using the outputs of both to generate the
pre-master secret.
BUG=
Committed: https://crrev.com/7346da96d0fb2651d5b28912572e57dd20e10874
Cr-Commit-Position: refs/heads/master@{#402705}
Patch Set 1
Total comments: 4
Patch Set 2 : davidben review 1
Total comments: 2
Patch Set 3 : restore Finch control
Patch Set 4 : disable (temporarily) on ChromeOS
Patch Set 5 : fix unused variable on ChromeOS compiles
Patch Set 6 : Maybe OS_NACL instead of OS_CHROMEOS?
Messages
Total messages: 29 (12 generated)
mab@google.com changed reviewers: + agl@chromium.org, davidben@chromium.org

https://codereview.chromium.org/2101283004/diff/1/net/socket/ssl_client_socke...
File net/socket/ssl_client_socket_impl.cc (right):
https://codereview.chromium.org/2101283004/diff/1/net/socket/ssl_client_socke...
net/socket/ssl_client_socket_impl.cc:90: // easiest mechanism to enable this on desktop only.
I think disabled by default is probably right?
https://codereview.chromium.org/2101283004/diff/1/net/socket/ssl_client_socke...
net/socket/ssl_client_socket_impl.cc:997: "DEFAULT:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
DEFAULT is kind of dumb and doesn't work if it's not at the front (probably should fix that...). That said, it just expands to SSL_DEFAULT_CIPHER_SUITE_LIST which expands to "ALL". Since we're already going nuts with "ALL" not actually meaning all ciphers, I'm happy enough saying that DEFAULT will always mean ALL from now on.

https://codereview.chromium.org/2101283004/diff/1/net/socket/ssl_client_socke...
File net/socket/ssl_client_socket_impl.cc (right):
https://codereview.chromium.org/2101283004/diff/1/net/socket/ssl_client_socke...
net/socket/ssl_client_socket_impl.cc:90: // easiest mechanism to enable this on desktop only.
Per conversation with agl, I'm removing the Finch call for now.
https://codereview.chromium.org/2101283004/diff/1/net/socket/ssl_client_socke...
net/socket/ssl_client_socket_impl.cc:997: "DEFAULT:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
Sooo ... I should change this to "ALL"? :-)

lgtm
https://codereview.chromium.org/2101283004/diff/20001/net/socket/ssl_client_s...
File net/socket/ssl_client_socket_impl.cc (right):
https://codereview.chromium.org/2101283004/diff/20001/net/socket/ssl_client_s...
net/socket/ssl_client_socket_impl.cc:970: // These are experimental, non-standard ciphersuites. They are part of an
begin line with two spaces.

https://codereview.chromium.org/2101283004/diff/20001/net/socket/ssl_client_s...
File net/socket/ssl_client_socket_impl.cc (right):
https://codereview.chromium.org/2101283004/diff/20001/net/socket/ssl_client_s...
net/socket/ssl_client_socket_impl.cc:970: // These are experimental, non-standard ciphersuites. They are part of an
(moot)

lgtm
The CQ bit was checked by agl@chromium.org
lgtm
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by mab@google.com
The patchset sent to the CQ was uploaded after l-g-t-m from agl@chromium.org, davidben@chromium.org Link to the patchset: https://codereview.chromium.org/2101283004/#ps60001 (title: "disable (temporarily) on ChromeOS")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_chromium_chromeos_compile_dbg_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by mab@google.com
The patchset sent to the CQ was uploaded after l-g-t-m from agl@chromium.org, davidben@chromium.org Link to the patchset: https://codereview.chromium.org/2101283004/#ps80001 (title: "fix unused variable on ChromeOS compiles")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_...)
The CQ bit was checked by mab@google.com
The patchset sent to the CQ was uploaded after l-g-t-m from agl@chromium.org, davidben@chromium.org Link to the patchset: https://codereview.chromium.org/2101283004/#ps100001 (title: "Maybe OS_NACL instead of OS_CHROMEOS?")
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
Message was sent while issue was closed.
Committed patchset #6 (id:100001)
Message was sent while issue was closed.
Description was changed from ========== TLS CECPQ1 (experimental post-quantum) ciphers. These experimental and non-standard ciphers are an experiment in post-quantum key exchange for TLS only (not QUIC). They are not intended as a de facto standard and will be removed from Chrome in a year or two. The key exchange performs a New Hope (post-quantum) and X25519 key exchange in parallel, using the outputs of both to generate the pre-master secret. BUG= ========== to ========== TLS CECPQ1 (experimental post-quantum) ciphers. These experimental and non-standard ciphers are an experiment in post-quantum key exchange for TLS only (not QUIC). They are not intended as a de facto standard and will be removed from Chrome in a year or two. The key exchange performs a New Hope (post-quantum) and X25519 key exchange in parallel, using the outputs of both to generate the pre-master secret. BUG= Committed: https://crrev.com/7346da96d0fb2651d5b28912572e57dd20e10874 Cr-Commit-Position: refs/heads/master@{#402705} ==========
Message was sent while issue was closed.
Patchset 6 (id:??) landed as https://crrev.com/7346da96d0fb2651d5b28912572e57dd20e10874 Cr-Commit-Position: refs/heads/master@{#402705}
Message was sent while issue was closed.
A revert of this CL (patchset #6 id:100001) has been created in https://codereview.chromium.org/2107273002/ by agl@chromium.org. The reason for reverting is: CroNet does not set up FeatureList. See https://bugs.chromium.org/p/chromium/issues/detail?id=624370.