net/socket/ssl_client_socket_unittest.cc - Issue 2656953002: Revert of Remove remnants of DHE support.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/socket/ssl_client_socket_unittest.cc

Issue 2656953002: Revert of Remove remnants of DHE support. (Closed)

Patch Set: Created 3 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/socket/ssl_client_socket_unittest.cc

diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc

index ec24dcb762deb08e4e428a1ca8ba17a6ce504e44..58c7fa811de607e5ca62b80453a3c009134885d3 100644

--- a/net/socket/ssl_client_socket_unittest.cc

+++ b/net/socket/ssl_client_socket_unittest.cc

@@ -2596,17 +2596,34 @@

EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);

}

-// Test that DHE is removed.

-TEST_F(SSLClientSocketTest, NoDHE) {

+// Test that DHE is removed but gives a dedicated error. Also test that the

+// dhe_enabled option can restore it.

+TEST_F(SSLClientSocketTest, DHE) {

SpawnedTestServer::SSLOptions ssl_options;

ssl_options.key_exchanges =

SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;

ASSERT_TRUE(StartTestServer(ssl_options));

+ // Normal handshakes with DHE do not work, with or without DHE enabled.

SSLConfig ssl_config;

int rv;

ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));

+ ssl_config.dhe_enabled = true;

+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

+ EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));

+ // Enabling deprecated ciphers gives DHE a dedicated error code.

+ ssl_config.dhe_enabled = false;

+ ssl_config.deprecated_cipher_suites_enabled = true;

+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

+ EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER));

+ // Enabling both deprecated ciphers and DHE restores it.

+ ssl_config.dhe_enabled = true;

+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));

+ EXPECT_THAT(rv, IsOk());

}

// Tests that enabling deprecated ciphers shards the session cache.

@@ -2757,6 +2774,21 @@

client_config.alpn_protos.push_back(kProtoHTTP11);

ASSERT_NO_FATAL_FAILURE(

TestFalseStart(server_options, client_config, false));

+// Test that False Start is disabled with DHE_RSA ciphers.

+TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) {

+ SpawnedTestServer::SSLOptions server_options;

+ server_options.key_exchanges =

+ SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;

+ server_options.bulk_ciphers =

+ SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;

+ server_options.alpn_protocols.push_back("http/1.1");

+ SSLConfig client_config;

+ client_config.alpn_protos.push_back(kProtoHTTP11);

+ // DHE is only advertised when deprecated ciphers are enabled.

+ client_config.deprecated_cipher_suites_enabled = true;

+ ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false));

}

// Test that False Start is disabled without an AEAD.

« no previous file with comments | « net/socket/ssl_client_socket_impl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »