net/socket/ssl_client_socket_nss.cc - Issue 22633004: Handle the TLS version fallback on the bad_record_mac alert error in - Code Review

Chromium Code Reviews

chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out

(27)

My Issues | Starred Open | Closed | All

Unified Diff: net/socket/ssl_client_socket_nss.cc

Issue 22633004: Handle the TLS version fallback on the bad_record_mac alert error in (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/

Patch Set: Comment fix Created 7 years, 4 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

« net/http/http_network_transaction.cc ('K') | « net/http/http_network_transaction.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: net/socket/ssl_client_socket_nss.cc

===================================================================

--- net/socket/ssl_client_socket_nss.cc (revision 216714)

+++ net/socket/ssl_client_socket_nss.cc (working copy)

@@ -1861,15 +1861,6 @@

net_error = ERR_SSL_PROTOCOL_ERROR;

}

- // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or 1.2

- // ClientHello, but then return a bad-record-MAC alert. See

- // crbug.com/260358. In order to make the fallback as minimal as possible,

- // this fallback is only triggered for >= TLS 1.1.

- if (net_error == ERR_SSL_BAD_RECORD_MAC_ALERT &&

- ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1) {

- net_error = ERR_SSL_PROTOCOL_ERROR;

- }

-

// If not done, stay in this state

if (net_error == ERR_IO_PENDING) {

GotoState(STATE_HANDSHAKE);

« net/http/http_network_transaction.cc ('K') | « net/http/http_network_transaction.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine

This is Rietveld 408576698