
Side by Side Diff: net/socket/ssl_client_socket_impl.cc

Issue 2442883002: Remove ECDSA CBC ciphers. (Closed)
Patch Set: Created 4 years, 1 month ago
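--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
@@ -913,46 +913,52 @@
 
   mode.ConfigureFlag(SSL_MODE_RELEASE_BUFFERS, true);
   mode.ConfigureFlag(SSL_MODE_CBC_RECORD_SPLITTING, true);
 
   mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START,
                      ssl_config_.false_start_enabled);
 
   SSL_set_mode(ssl_.get(), mode.set_mask);
   SSL_clear_mode(ssl_.get(), mode.clear_mask);
 
-  // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
-  // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable
-  // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
-  // supported. As DHE is being deprecated, don't add a cipher only to remove it
-  // immediately.
   std::string command;
   if (SSLClientSocket::IsPostQuantumExperimentEnabled()) {
     // These are experimental, non-standard ciphersuites. They are part of an
     // experiment in post-quantum cryptography. They're not intended to
     // represent a de-facto standard, and will be removed from BoringSSL in
     // ~2018.
     if (EVP_has_aes_hardware()) {
       command.append(
           "CECPQ1-RSA-AES256-GCM-SHA384:"
           "CECPQ1-ECDSA-AES256-GCM-SHA384:");
     }
     command.append(
         "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:"
         "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:");
     if (!EVP_has_aes_hardware()) {
       command.append(
           "CECPQ1-RSA-AES256-GCM-SHA384:"
           "CECPQ1-ECDSA-AES256-GCM-SHA384:");
     }
   }
-  command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
+
+  // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
+  // (note that SHA256 and SHA384 only select legacy CBC ciphers). Additionally
+  // disable HMAC-SHA1 ciphers in ECDSA. Also disable
+  // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
+  // supported. As DHE is being deprecated, don't add a cipher only to remove it
+  // immediately.
+  //
+  // TODO(davidben): Remove the DHE_RSA_WITH_AES_256_GCM_SHA384 exclusion when
+  // the DHEEnabled administrative policy expires.
+  command.append(
+      "ALL:!SHA256:!SHA384:!ECDSA+SHA1:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
 
   if (ssl_config_.require_ecdhe)
     command.append(":!kRSA:!kDHE");
 
   if (!ssl_config_.deprecated_cipher_suites_enabled) {
     // Only offer DHE on the second handshake. https://crbug.com/538690
     command.append(":!kDHE");
   }
 
   // Remove any disabled ciphers.
@@ -1991,10 +1997,10 @@
     if (ERR_GET_REASON(info->error_code) == SSL_R_TLSV1_ALERT_ACCESS_DENIED &&
         !certificate_requested_) {
       net_error = ERR_SSL_PROTOCOL_ERROR;
     }
   }
 
   return net_error;
 }
 
 }  // namespace net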
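Review bot: The new `!ECDSA+SHA1` exclusion is the only substantive change in the cipher string, yet the rewritten comment gives it a single clause ("Additionally disable HMAC-SHA1 ciphers in ECDSA") while the surrounding lines explain the pre-existing SHA256/SHA384 and DHE exclusions; I would give the ECDSA-CBC removal its own sentence with the rationale, e.g. `// Disable the remaining ECDSA CBC suites (ECDSA+SHA1); together with !SHA256:!SHA384 this leaves only AEAD suites for ECDSA certificates.` The page shows no other file in the CL, so there appears to be no accompanying test asserting that the ClientHello no longer offers the ECDHE-ECDSA CBC-SHA suites; a unit test pinning that would stop a later edit to this string from silently re-enabling them. It is also worth a short comment on the `SSL_MODE_CBC_RECORD_SPLITTING` line that it must stay enabled after this change, because RSA-authenticated CBC-SHA1 suites are still selected by `ALL` and are not excluded here. The enclosing function starts and ends outside the visible hunk.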