Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1505)

Unified Diff: net/socket/ssl_client_socket_openssl.cc

Issue 495663002: OpenSSL: Disable ECDSA cipher suites on Windows XP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Add a test. Created 6 years, 4 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_unittest.cc » ('j') | net/socket/ssl_client_socket_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/socket/ssl_client_socket_openssl.cc
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index ed1138f50dd4e08c89fe76ff7a38a29328f6e24a..6a2f332e1b515aac10b939184e50709e1588f69a 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -31,6 +31,10 @@
#include "net/ssl/ssl_connection_status_flags.h"
#include "net/ssl/ssl_info.h"
+#if defined(OS_WIN)
+#include "base/win/windows_version.h"
+#endif
+
#if defined(USE_OPENSSL_CERTS)
#include "net/ssl/openssl_client_key_store.h"
#else
@@ -774,6 +778,15 @@ int SSLClientSocketOpenSSL::Init() {
command.append(name);
}
}
+
+ // Disable ECDSA cipher suites on platforms that do not support ECDSA
+ // signed certificates, as servers may use the presence of such
+ // ciphersuites as a hint to send an ECDSA certificate.
+#if defined(OS_WIN)
+ if (base::win::GetVersion() < base::win::VERSION_VISTA)
+ command.append(":!ECDSA");
+#endif
+
int rv = SSL_set_cipher_list(ssl_, command.c_str());
// If this fails (rv = 0) it means there are no ciphers enabled on this SSL.
// This will almost certainly result in the socket failing to complete the
« no previous file with comments | « no previous file | net/socket/ssl_client_socket_unittest.cc » ('j') | net/socket/ssl_client_socket_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698