Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(562)

Unified Diff: net/socket/ssl_client_socket_unittest.cc

Issue 2656953002: Revert of Remove remnants of DHE support. (Closed)
Patch Set: Created 3 years, 11 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/socket/ssl_client_socket_impl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_unittest.cc
diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index ec24dcb762deb08e4e428a1ca8ba17a6ce504e44..58c7fa811de607e5ca62b80453a3c009134885d3 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2596,17 +2596,34 @@
EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
}
-// Test that DHE is removed.
-TEST_F(SSLClientSocketTest, NoDHE) {
+// Test that DHE is removed but gives a dedicated error. Also test that the
+// dhe_enabled option can restore it.
+TEST_F(SSLClientSocketTest, DHE) {
SpawnedTestServer::SSLOptions ssl_options;
ssl_options.key_exchanges =
SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
ASSERT_TRUE(StartTestServer(ssl_options));
+ // Normal handshakes with DHE do not work, with or without DHE enabled.
SSLConfig ssl_config;
int rv;
ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
+
+ ssl_config.dhe_enabled = true;
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+ EXPECT_THAT(rv, IsError(ERR_SSL_VERSION_OR_CIPHER_MISMATCH));
+
+ // Enabling deprecated ciphers gives DHE a dedicated error code.
+ ssl_config.dhe_enabled = false;
+ ssl_config.deprecated_cipher_suites_enabled = true;
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+ EXPECT_THAT(rv, IsError(ERR_SSL_OBSOLETE_CIPHER));
+
+ // Enabling both deprecated ciphers and DHE restores it.
+ ssl_config.dhe_enabled = true;
+ ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+ EXPECT_THAT(rv, IsOk());
}
// Tests that enabling deprecated ciphers shards the session cache.
@@ -2757,6 +2774,21 @@
client_config.alpn_protos.push_back(kProtoHTTP11);
ASSERT_NO_FATAL_FAILURE(
TestFalseStart(server_options, client_config, false));
+}
+
+// Test that False Start is disabled with DHE_RSA ciphers.
+TEST_F(SSLClientSocketFalseStartTest, DHE_RSA) {
+ SpawnedTestServer::SSLOptions server_options;
+ server_options.key_exchanges =
+ SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
+ server_options.bulk_ciphers =
+ SpawnedTestServer::SSLOptions::BULK_CIPHER_AES128GCM;
+ server_options.alpn_protocols.push_back("http/1.1");
+ SSLConfig client_config;
+ client_config.alpn_protos.push_back(kProtoHTTP11);
+ // DHE is only advertised when deprecated ciphers are enabled.
+ client_config.deprecated_cipher_suites_enabled = true;
+ ASSERT_NO_FATAL_FAILURE(TestFalseStart(server_options, client_config, false));
}
// Test that False Start is disabled without an AEAD.
« no previous file with comments | « net/socket/ssl_client_socket_impl.cc ('k') | net/ssl/ssl_config.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698