Chromium Code Reviews Chromium Code Reviews
Issue 757033004:
Do not use HTTP/2 without adequate security. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: net/socket/ssl_client_socket.h |
| diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h |
| index 11b19a1ec02480d2423187e37a9cb8912367ffa4..d61d083d9d0f004f7317dfa5161f08bc223353d9 100644 |
| --- a/net/socket/ssl_client_socket.h |
| +++ b/net/socket/ssl_client_socket.h |
| @@ -209,10 +209,19 @@ class NET_EXPORT SSLClientSocket : public SSLSocket { |
| const SSLConfig& ssl_config, |
| ChannelIDService* channel_id_service); |
| + // Determine if there is at least one enabled cipher suite and TLS version |
| + // that is up to Section 9.2 of the HTTP/2 specification. Note that the |
|
Ryan Hamilton
2014/12/10 21:11:41
s/that is up to/that satisfies/
Bence
2014/12/11 16:50:49
Done.
|
| + // server might still pick an inadequate cipher suite or TLS version. |
| + static bool IsSecurityAdequateForHTTP2( |
| + const SSLConfig& ssl_config, |
| + const std::vector<uint16>& cipher_suites); |
| + |
| // Serializes |next_protos| in the wire format for ALPN: protocols are listed |
| - // in order, each prefixed by a one-byte length. |
| + // in order, each prefixed by a one-byte length. Only advertises HTTP2 if |
| + // adequate cipher suites and TLS are also advertised. |
|
Ryan Hamilton
2014/12/10 21:11:41
Instead of talking about adequate cipher suites an
Bence
2014/12/11 16:50:49
I decided against reversing polarity, because I do
|
| static std::vector<uint8_t> SerializeNextProtos( |
| - const std::vector<std::string>& next_protos); |
| + const std::vector<std::string>& next_protos, |
| + bool advertise_http2); |
| // For unit testing only. |
| // Returns the unverified certificate chain as presented by server. |
