Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(398)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 23596013: Prefer to generate SHA-1 signatures for TLS 1.2 client authentication if (Closed)

Created:
7 years, 3 months ago by wtc
Modified:
7 years, 3 months ago
Reviewers:
agl, Ryan Sleevi
CC:
chromium-reviews, cbentzel+watch_chromium.org
Visibility:
Public.

Description

Prefer to generate SHA-1 signatures for TLS 1.2 client authentication if the client private key is a 1024-bit RSA or DSA key. Older Estonian ID cards with 1024-bit RSA keys cannot sign SHA-256 hashes. 1024-bit DSA keys were formerly specified to be used with SHA-1 only. R=agl@chromium.org,rsleevi@chromium.org BUG=278370 TEST=manual testing by someone who has an older Estonian ID card Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=221609

Patch Set 1 #

Total comments: 1

Patch Set 2 : Remove ssl_client_socket_nss.cc from the CL (included by mistake) #

Total comments: 1
Unified diffs Side-by-side diffs Delta from patch set Stats (+74 lines, -27 lines) Patch
M net/third_party/nss/README.chromium View 1 chunk +3 lines, -2 lines 0 comments Download
M net/third_party/nss/patches/tls12backuphash.patch View 9 chunks +40 lines, -17 lines 0 comments Download
M net/third_party/nss/ssl/ssl3con.c View 4 chunks +28 lines, -5 lines 1 comment Download
M net/third_party/nss/ssl/sslimpl.h View 1 chunk +3 lines, -3 lines 0 comments Download

Messages

Total messages: 6 (0 generated)
wtc
https://codereview.chromium.org/23596013/diff/1/net/third_party/nss/ssl/ssl3con.c File net/third_party/nss/ssl/ssl3con.c (right): https://codereview.chromium.org/23596013/diff/1/net/third_party/nss/ssl/ssl3con.c#newcode7077 net/third_party/nss/ssl/ssl3con.c:7077: prefer_sha1 = SECKEY_PublicKeyStrength(pubk) <= 128; SECKEY_PublicKeyStrength returns the key ...
7 years, 3 months ago (2013-09-05 21:53:21 UTC) #1
agl
LGTM, although I wasn't adverse to trying the SHA-256 signature and falling back either (assuming ...
7 years, 3 months ago (2013-09-05 21:56:59 UTC) #2
Ryan Sleevi
LGTM, same comment as agl.
7 years, 3 months ago (2013-09-05 21:57:59 UTC) #3
wtc
https://codereview.chromium.org/23596013/diff/6001/net/third_party/nss/ssl/ssl3con.c File net/third_party/nss/ssl/ssl3con.c (right): https://codereview.chromium.org/23596013/diff/6001/net/third_party/nss/ssl/ssl3con.c#newcode6142 net/third_party/nss/ssl/ssl3con.c:6142: } Trying the SHA-256 signature and falling back requires ...
7 years, 3 months ago (2013-09-05 22:18:32 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/wtc@chromium.org/23596013/6001
7 years, 3 months ago (2013-09-05 22:50:50 UTC) #5
commit-bot: I haz the power
7 years, 3 months ago (2013-09-06 06:40:05 UTC) #6
Message was sent while issue was closed. 
Change committed as 221609

Powered by Google App Engine
This is Rietveld 408576698