| Index: chrome/browser/net/ssl_config_service_manager_pref.cc
|
| diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
|
| index 9ae274744a4a0c1d32c4953412f5b690a975892d..61e0786530a36fc7c6c80ae495a0c24742e8f37b 100644
|
| --- a/chrome/browser/net/ssl_config_service_manager_pref.cc
|
| +++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
|
| @@ -174,6 +174,7 @@ class SSLConfigServiceManagerPref
|
| BooleanPrefMember rev_checking_required_local_anchors_;
|
| StringPrefMember ssl_version_min_;
|
| StringPrefMember ssl_version_max_;
|
| + StringPrefMember ssl_version_fallback_min_;
|
| BooleanPrefMember ssl_record_splitting_disabled_;
|
|
|
| // The cached list of disabled SSL cipher suites.
|
| @@ -204,6 +205,8 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
|
| prefs::kSSLVersionMin, local_state, local_state_callback);
|
| ssl_version_max_.Init(
|
| prefs::kSSLVersionMax, local_state, local_state_callback);
|
| + ssl_version_fallback_min_.Init(
|
| + prefs::kSSLVersionFallbackMin, local_state, local_state_callback);
|
| ssl_record_splitting_disabled_.Init(
|
| prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
|
|
|
| @@ -230,8 +233,12 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
|
| SSLProtocolVersionToString(default_config.version_min);
|
| std::string version_max_str =
|
| SSLProtocolVersionToString(default_config.version_max);
|
| + std::string version_fallback_min_str =
|
| + SSLProtocolVersionToString(default_config.version_fallback_min);
|
| registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str);
|
| registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str);
|
| + registry->RegisterStringPref(prefs::kSSLVersionFallbackMin,
|
| + version_fallback_min_str);
|
| registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
|
| !default_config.false_start_enabled);
|
| registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
|
| @@ -275,10 +282,14 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
|
| rev_checking_required_local_anchors_.GetValue();
|
| std::string version_min_str = ssl_version_min_.GetValue();
|
| std::string version_max_str = ssl_version_max_.GetValue();
|
| + std::string version_fallback_min_str = ssl_version_fallback_min_.GetValue();
|
| config->version_min = net::kDefaultSSLVersionMin;
|
| config->version_max = net::kDefaultSSLVersionMax;
|
| + config->version_fallback_min = net::kDefaultSSLVersionFallbackMin;
|
| uint16 version_min = SSLProtocolVersionFromString(version_min_str);
|
| uint16 version_max = SSLProtocolVersionFromString(version_max_str);
|
| + uint16 version_fallback_min =
|
| + SSLProtocolVersionFromString(version_fallback_min_str);
|
| if (version_min) {
|
| // TODO(wtc): get the minimum SSL protocol version supported by the
|
| // SSLClientSocket class. Right now it happens to be the same as the
|
| @@ -293,6 +304,9 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
|
| uint16 supported_version_max = config->version_max;
|
| config->version_max = std::min(supported_version_max, version_max);
|
| }
|
| + if (version_fallback_min) {
|
| + config->version_fallback_min = version_fallback_min;
|
| + }
|
| config->disabled_cipher_suites = disabled_cipher_suites_;
|
| // disabling False Start also happens to disable record splitting.
|
| config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
|
|
|
Chromium Code Reviews
Issue 619463002:
net: disable SSLv3 fallback. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master