| Index: net/socket/ssl_client_socket_unittest.cc
|
| diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
|
| index 58c7fa811de607e5ca62b80453a3c009134885d3..39f6f0b28c4f588302d929431a93a65e7fd00929 100644
|
| --- a/net/socket/ssl_client_socket_unittest.cc
|
| +++ b/net/socket/ssl_client_socket_unittest.cc
|
| @@ -2596,87 +2596,6 @@ TEST_F(SSLClientSocketTest, CertificateErrorNoResume) {
|
| EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
|
| }
|
|
|
| -// Test that DHE is removed but gives a dedicated error. Also test that the
|
| -// dhe_enabled option can restore it.
|
| -TEST_F(SSLClientSocketTest, DHE) {
|
| - SpawnedTestServer::SSLOptions ssl_options;
|
| - ssl_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - ASSERT_TRUE(StartTestServer(ssl_options));
|
| -
|
| - // Normal handshakes with DHE do not work, with or without DHE enabled.
|
| - SSLConfig ssl_config;
|
| - int rv;
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
|
| -
|
| - ssl_config.dhe_enabled = true;
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
|
| -
|
| - // Enabling deprecated ciphers gives DHE a dedicated error code.
|
| - ssl_config.dhe_enabled = false;
|
| - ssl_config.deprecated_cipher_suites_enabled = true;
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER));
|
| -
|
| - // Enabling both deprecated ciphers and DHE restores it.
|
| - ssl_config.dhe_enabled = true;
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsOk());
|
| -}
|
| -
|
| -// Tests that enabling deprecated ciphers shards the session cache.
|
| -TEST_F(SSLClientSocketTest, DeprecatedShardSessionCache) {
|
| - ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
|
| -
|
| - // Prepare a normal and deprecated SSL config.
|
| - SSLConfig ssl_config;
|
| - SSLConfig deprecated_ssl_config;
|
| - deprecated_ssl_config.deprecated_cipher_suites_enabled = true;
|
| -
|
| - // Connect with deprecated ciphers enabled to warm the session cache cache.
|
| - int rv;
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsOk());
|
| - SSLInfo ssl_info;
|
| - EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
|
| -
|
| - // Test that re-connecting with deprecated ciphers enabled still resumes.
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsOk());
|
| - EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
|
| -
|
| - // However, a normal connection needs a full handshake.
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsOk());
|
| - EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
|
| -
|
| - // Clear the session cache for the inverse test.
|
| - SSLClientSocket::ClearSessionCache();
|
| -
|
| - // Now make a normal connection to prime the session cache.
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsOk());
|
| - EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
|
| -
|
| - // A normal connection should be able to resume.
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsOk());
|
| - EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
|
| -
|
| - // However, enabling deprecated ciphers connects fresh.
|
| - ASSERT_TRUE(CreateAndConnectSSLClientSocket(deprecated_ssl_config, &rv));
|
| - EXPECT_THAT(rv, IsOk());
|
| - EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
|
| - EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
|
| -}
|
| -
|
| TEST_F(SSLClientSocketTest, RequireECDHE) {
|
| // Run test server without ECDHE.
|
| SpawnedTestServer::SSLOptions ssl_options;
|
| @@ -2776,21 +2695,6 @@ TEST_F(SSLClientSocketFalseStartTest, RSA) {
|
| TestFalseStart(server_options, client_config, false));
|
| }
|
|
|
| -// Test that False Start is disabled with DHE_RSA ciphers.
|
| -TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) {
|
| - SpawnedTestServer::SSLOptions server_options;
|
| - server_options.key_exchanges =
|
| - SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
|
| - server_options.bulk_ciphers =
|
| - SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
|
| - server_options.alpn_protocols.push_back("http/1.1");
|
| - SSLConfig client_config;
|
| - client_config.alpn_protos.push_back(kProtoHTTP11);
|
| - // DHE is only advertised when deprecated ciphers are enabled.
|
| - client_config.deprecated_cipher_suites_enabled = true;
|
| - ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false));
|
| -}
|
| -
|
| // Test that False Start is disabled without an AEAD.
|
| TEST_F(SSLClientSocketFalseStartTest, NoAEAD) {
|
| SpawnedTestServer::SSLOptions server_options;
|
|
|
Chromium Code Reviews
Issue 2653773003:
Remove remnants of DHE support. (Closed)
