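--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <algorithm>
@@ -986,38 +986,26 @@
 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true);
 mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true);
 
 mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START,
 ssl_config_.false_start_enabled);
 
 SSL_set_mode(ssl_.get(), mode.set_mask);
 SSL_clear_mode(ssl_.get(), mode.clear_mask);
 
 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
-// (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable
-// DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
-// supported. As DHE is being deprecated, don't add a cipher only to remove
-// it immediately.
-//
-// TODO(davidben): Remove the DHE_RSA_WITH_AES_256_GCM_SHA384 exclusion when
-// the DHEEnabled administrative policy expires.
-std::string command(
-"ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
+// (note that SHA256 and SHA384 only select legacy CBC ciphers).
+std::string command("ALL:!SHA256:!SHA384:!kDHE:!aPSK:!RC4");
 
 if (ssl_config_.require_ecdhe)
 command.append(":!kRSA:!kDHE");
 
-if (!ssl_config_.deprecated_cipher_suites_enabled) {
-// Only offer DHE on the second handshake. https://crbug.com/538690
-command.append(":!kDHE");
-}
-
 // Additionally disable HMAC-SHA1 ciphers in ECDSA. These are the remaining
 // CBC-mode ECDSA ciphers.
 if (!AreLegacyECDSACiphersEnabled())
 command.append("!ECDSA+SHA1");
 
 // Remove any disabled ciphers.
 for (uint16_t id : ssl_config_.disabled_cipher_suites) {
 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id);
 if (cipher) {
 command.append(":!");
@@ -1154,30 +1142,20 @@
 // handshakes that session was used in before we finished our handshake. This
 // is only recorded if the session from the cache was actually used, and only
 // if the ALPN protocol is h2 (under the assumption that TLS 1.3 servers will
 // be speaking h2). See https://crbug.com/631988.
 if (ssl_session_cache_lookup_count_ && negotiated_protocol_ == kProtoHTTP2 &&
 SSL_session_reused(ssl_.get())) {
 UMA_HISTOGRAM_EXACT_LINEAR("Net.SSLSessionConcurrentLookupCount",
 ssl_session_cache_lookup_count_, 20);
 }
 
-// DHE is offered on the deprecated cipher fallback and then rejected
-// afterwards. This is to aid in diagnosing connection failures because a
-// server requires DHE ciphers.
-//
-// TODO(davidben): A few releases after DHE's removal, remove this logic.
-if (!ssl_config_.dhe_enabled &&
-SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_.get()))) {
-return ERR_SSL_OBSOLETE_CIPHER;
-}
-
 // Check that if token binding was negotiated, then extended master secret
 // and renegotiation indication must also be negotiated.
 if (tb_was_negotiated_ &&
 !(SSL_get_extms_support(ssl_.get()) &&
 SSL_get_secure_renegotiation_support(ssl_.get()))) {
 return ERR_SSL_PROTOCOL_ERROR;
 }
 
 const uint8_t* alpn_proto = NULL;
 unsigned alpn_len = 0;
@@ -2062,10 +2040,10 @@
 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED &&
 !certificate_requested_) {
 net_error = ERR_SSL_PROTOCOL_ERROR;
 }
 }
 
 return net_error;
 }
 
 } // namespace net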
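Review bot: With `kDHE` now excluded in the base cipher string on new line 997, the `:!kDHE` in the `require_ecdhe` branch on new line 1000 is redundant; either shorten it to `command.append(":!kRSA");` or keep it with a one-line comment saying the repetition is deliberate. The rewritten comment above the string now explains only the SHA256/SHA384 exclusions, so the newly unconditional DHE removal loses its rationale once the old comment and the `deprecated_cipher_suites_enabled` block are gone; a line such as `// DHE key exchange is never offered (!kDHE); PSK and RC4 are excluded too.` would keep the intent readable. Since the post-handshake `SSL_CIPHER_is_DHE` rejection (old lines 1164-1172) is also removed, the cipher string is now the only place DHE is kept out, which looks consistent as none of the visible appends can re-enable it, though appends outside this hunk cannot be checked from here. Separately, the pre-existing `command.append("!ECDSA+SHA1")` on new line 1005 lacks the `:` separator every other append uses; if the page reproduces it faithfully, it is worth confirming the cipher-rule parser accepts an adjacent rule or adding the colon. The enclosing function starts and ends outside the hunk.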