Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(444)

Unified Diff: net/socket/ssl_client_socket.h

Issue 757033004: Do not use HTTP/2 without adequate security. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Move logic to SSLClientSocket. Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 11b19a1ec02480d2423187e37a9cb8912367ffa4..b349d6fc9afde77560fe8e546d4b77ade363f08f 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -209,10 +209,18 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
const SSLConfig& ssl_config,
ChannelIDService* channel_id_service);
+ // Determine if there is at least one enabled cipher suite and TLS version
+ // that is up to Section 9.2 of the HTTP/2 specification. Note that the
+ // server might still pick an inadequate cipher suite or TLS version.
+ static bool IsSecurityAdequateForHTTP2(
+ const SSLConfig& ssl_config,
+ const std::vector<uint16>& cipher_suites);
+
// Serializes |next_protos| in the wire format for ALPN: protocols are listed
- // in order, each prefixed by a one-byte length.
- static std::vector<uint8_t> SerializeNextProtos(
- const std::vector<std::string>& next_protos);
+ // in order, each prefixed by a one-byte length. Only advertises HTTP2 if
+ // adequate cipher suites and TLS are also advertised.
+ static std::vector<uint8_t> SerializeNextProtos(const SSLConfig& ssl_config,
+ bool advertise_http2);
// For unit testing only.
// Returns the unverified certificate chain as presented by server.

Powered by Google App Engine
This is Rietveld 408576698