1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/socket/ssl_client_socket_impl.h" | 5 #include "net/socket/ssl_client_socket_impl.h" |
6 | 6 |
7 #include <errno.h> | 7 #include <errno.h> |
8 #include <string.h> | 8 #include <string.h> |
9 | 9 |
10 #include <algorithm> | 10 #include <algorithm> |
986 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); | 986 mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true); |
987 mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true); | 987 mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true); |
988 | 988 |
989 mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START, | 989 mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START, |
990 ssl_config_.false_start_enabled); | 990 ssl_config_.false_start_enabled); |
991 | 991 |
992 SSL_set_mode(ssl_.get(), mode.set_mask); | 992 SSL_set_mode(ssl_.get(), mode.set_mask); |
993 SSL_clear_mode(ssl_.get(), mode.clear_mask); | 993 SSL_clear_mode(ssl_.get(), mode.clear_mask); |
994 | 994 |
995 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers | 995 // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers |
996 // (note that SHA256 and SHA384 only select legacy CBC ciphers). | 996 // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable |
997 std::string command("ALL:!SHA256:!SHA384:!kDHE:!aPSK:!RC4"); | 997 // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not |
| 998 // supported. As DHE is being deprecated, don't add a cipher only to remove |
| 999 // it immediately. |
| 1000 // |
| 1001 // TODO(davidben): Remove the DHE_RSA_WITH_AES_256_GCM_SHA384 exclusion when |
| 1002 // the DHEEnabled administrative policy expires. |
| 1003 std::string command( |
| 1004 "ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4"); |
998 | 1005 |
999 if (ssl_config_.require_ecdhe) | 1006 if (ssl_config_.require_ecdhe) |
1000 command.append(":!kRSA:!kDHE"); | 1007 command.append(":!kRSA:!kDHE"); |
1001 | 1008 |
| 1009 if (!ssl_config_.deprecated_cipher_suites_enabled) { |
| 1010 // Only offer DHE on the second handshake. https://crbug.com/538690 |
| 1011 command.append(":!kDHE"); |
| 1012 } |
| 1013 |
1002 // Additionally disable HMAC-SHA1 ciphers in ECDSA. These are the remaining | 1014 // Additionally disable HMAC-SHA1 ciphers in ECDSA. These are the remaining |
1003 // CBC-mode ECDSA ciphers. | 1015 // CBC-mode ECDSA ciphers. |
1004 if (!AreLegacyECDSACiphersEnabled()) | 1016 if (!AreLegacyECDSACiphersEnabled()) |
1005 command.append("!ECDSA+SHA1"); | 1017 command.append("!ECDSA+SHA1"); |
1006 | 1018 |
1007 // Remove any disabled ciphers. | 1019 // Remove any disabled ciphers. |
1008 for (uint16_t id : ssl_config_.disabled_cipher_suites) { | 1020 for (uint16_t id : ssl_config_.disabled_cipher_suites) { |
1009 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); | 1021 const SSL_CIPHER* cipher = SSL_get_cipher_by_value(id); |
1010 if (cipher) { | 1022 if (cipher) { |
1011 command.append(":!"); | 1023 command.append(":!"); |
1142 // handshakes that session was used in before we finished our handshake. This | 1154 // handshakes that session was used in before we finished our handshake. This |
1143 // is only recorded if the session from the cache was actually used, and only | 1155 // is only recorded if the session from the cache was actually used, and only |
1144 // if the ALPN protocol is h2 (under the assumption that TLS 1.3 servers will | 1156 // if the ALPN protocol is h2 (under the assumption that TLS 1.3 servers will |
1145 // be speaking h2). See https://crbug.com/631988. | 1157 // be speaking h2). See https://crbug.com/631988. |
1146 if (ssl_session_cache_lookup_count_ && negotiated_protocol_ == kProtoHTTP2 && | 1158 if (ssl_session_cache_lookup_count_ && negotiated_protocol_ == kProtoHTTP2 && |
1147 SSL_session_reused(ssl_.get())) { | 1159 SSL_session_reused(ssl_.get())) { |
1148 UMA_HISTOGRAM_EXACT_LINEAR("Net.SSLSessionConcurrentLookupCount", | 1160 UMA_HISTOGRAM_EXACT_LINEAR("Net.SSLSessionConcurrentLookupCount", |
1149 ssl_session_cache_lookup_count_, 20); | 1161 ssl_session_cache_lookup_count_, 20); |
1150 } | 1162 } |
1151 | 1163 |
| 1164 // DHE is offered on the deprecated cipher fallback and then rejected |
| 1165 // afterwards. This is to aid in diagnosing connection failures because a |
| 1166 // server requires DHE ciphers. |
| 1167 // |
| 1168 // TODO(davidben): A few releases after DHE's removal, remove this logic. |
| 1169 if (!ssl_config_.dhe_enabled && |
| 1170 SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_.get()))) { |
| 1171 return ERR_SSL_OBSOLETE_CIPHER; |
| 1172 } |
| 1173 |
1152 // Check that if token binding was negotiated, then extended master secret | 1174 // Check that if token binding was negotiated, then extended master secret |
1153 // and renegotiation indication must also be negotiated. | 1175 // and renegotiation indication must also be negotiated. |
1154 if (tb_was_negotiated_ && | 1176 if (tb_was_negotiated_ && |
1155 !(SSL_get_extms_support(ssl_.get()) && | 1177 !(SSL_get_extms_support(ssl_.get()) && |
1156 SSL_get_secure_renegotiation_support(ssl_.get()))) { | 1178 SSL_get_secure_renegotiation_support(ssl_.get()))) { |
1157 return ERR_SSL_PROTOCOL_ERROR; | 1179 return ERR_SSL_PROTOCOL_ERROR; |
1158 } | 1180 } |
1159 | 1181 |
1160 const uint8_t* alpn_proto = NULL; | 1182 const uint8_t* alpn_proto = NULL; |
1161 unsigned alpn_len = 0; | 1183 unsigned alpn_len = 0; |
2040 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && | 2062 if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED && |
2041 !certificate_requested_) { | 2063 !certificate_requested_) { |
2042 net_error = ERR_SSL_PROTOCOL_ERROR; | 2064 net_error = ERR_SSL_PROTOCOL_ERROR; |
2043 } | 2065 } |
2044 } | 2066 } |
2045 | 2067 |
2046 return net_error; | 2068 return net_error; |
2047 } | 2069 } |
2048 | 2070 |
2049 } // namespace net | 2071 } // namespace net |
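Review bot: The new `command.append(":!kDHE");` block (new lines 1009-1012) now immediately precedes the pre-existing `command.append("!ECDSA+SHA1");` at new line 1017, which has no leading `:` separator, so on the default path (require_ecdhe false, deprecated cipher suites disabled) the composed rule string reads `...:!kDHE!ECDSA+SHA1`; the commit reshapes this composition but leaves the separator out. Whether BoringSSL's rule parser tolerates a missing separator is not shown on this page, so I would make the intent unambiguous with `command.append(":!ECDSA+SHA1");` and add a unit test that asserts the final cipher list actually excludes the ECDSA+SHA1 suites. In the second hunk, the added check `SSL_CIPHER_is_DHE(SSL_get_current_cipher(ssl_.get()))` (new lines 1169-1170) dereferences the result without a null check; if this code can only run after a completed handshake that is fine, but a one-line comment such as `// Handshake is complete here, so a current cipher is guaranteed.` would document the assumption, since `SSL_get_current_cipher` returns NULL when no cipher has been negotiated. The functions enclosing both hunks start and end outside the diff.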