author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-20 22:18:23 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-08-20 22:18:23 +0000 |
commit | 21a1a185448a3f9cd275933af3b41a4f94ea0cec (patch) | |
tree | 93ade7c6189aa56497840f8fb4d779a272a63db5 | |
parent | 9f843612c468993f55baf0e4848f26bccf6bc018 (diff) | |
Revert 151198 - Turn off TLS 1.1.
Review URL: https://chromiumcodereview.appspot.com/10828272
Bug 141629 has been fixed. We can turn on TLS 1.1 on the trunk.
TBR=agl@chromium.org,rsleevi@chromium.org
BUG=142172
TEST=Visit https://www.google.com/ and https://www.facebook.com/.
Click the lock icon. The page info bubble should say
"The connection uses TLS 1.1."
Review URL: https://chromiumcodereview.appspot.com/10854212
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152404 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/base/ssl_config_service.cc | 11 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_nss.cc | 2 | ||||
-rw-r--r-- | net/socket/ssl_server_socket_unittest.cc | 2 | ||||
-rw-r--r-- | net/url_request/url_request_unittest.cc | 4 |
4 files changed, 16 insertions, 3 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index 2dbee56..ad2928e16 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -18,7 +18,16 @@ namespace net {
 static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3;
-static uint16 g_default_version_max = SSL_PROTOCOL_VERSION_TLS1;
+static uint16 g_default_version_max =
+#if defined(USE_OPENSSL)
+#if defined(SSL_OP_NO_TLSv1_1)
+ SSL_PROTOCOL_VERSION_TLS1_1;
+#else
+ SSL_PROTOCOL_VERSION_TLS1;
+#endif
+#else
+ SSL_PROTOCOL_VERSION_TLS1_1;
+#endif
 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
diff --git a/net/socket/ssl_server_socket_nss.cc b/net/socket/ssl_server_socket_nss.cc
index 0a119a1..7203881 100644
--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -103,7 +103,7 @@ SSLServerSocketNSS::SSLServerSocketNSS(
 completed_handshake_(false) {
 ssl_config_.false_start_enabled = false;
 ssl_config_.version_min = SSL_PROTOCOL_VERSION_SSL3;
- ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1;
+ ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
 // TODO(hclam): Need a better way to clone a key.
 std::vector<uint8> key_bytes;
diff --git a/net/socket/ssl_server_socket_unittest.cc b/net/socket/ssl_server_socket_unittest.cc
index 5c3c5a7..f93d7c6 100644
--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -335,7 +335,7 @@ class SSLServerSocketTest : public PlatformTest {
 ssl_config.false_start_enabled = false;
 ssl_config.channel_id_enabled = false;
 ssl_config.version_min = SSL_PROTOCOL_VERSION_SSL3;
- ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1;
+ ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
 // Certificate provided by the host doesn't need authority.
 net::SSLConfig::CertAndStatus cert_and_status;
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index de020b2..a61a206 100644
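Review bot: The `#if defined(SSL_OP_NO_TLSv1_1)` probe in the new initializer of `g_default_version_max` only works if an OpenSSL header defining that macro has already been included above line 18; if it has not, the test is false with no diagnostic and OpenSSL builds silently keep TLS 1.0 as the ceiling. The include list is outside the hunk, so this needs confirming, and the dependency is worth recording next to the probe, e.g. `// SSL_OP_NO_TLSv1_1 comes from <openssl/ssl.h>; if it is not visible here the default stays at TLS 1.0.` The two-level conditional could also be flattened to `#if defined(USE_OPENSSL) && !defined(SSL_OP_NO_TLSv1_1)` selecting `SSL_PROTOCOL_VERSION_TLS1`, with `SSL_PROTOCOL_VERSION_TLS1_1` in a single `#else`.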
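Review bot: The new `version_max` in the SSLServerSocketNSS constructor is a second hard-coded copy of the protocol ceiling, independent of `g_default_version_max` in ssl_config_service.cc, and the fixture in ssl_server_socket_unittest.cc repeats the literal a third time. If the server socket is meant to follow the client default, `ssl_config_.version_max = SSLConfigService::default_version_max();` would stop the copies drifting apart, assuming that header is available in this file. If the pin is deliberate, a comment such as `// Pinned independently of SSLConfigService's client default.` would tell the next editor not to unify them. The constructor body continues outside the hunk.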
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -1825,6 +1825,10 @@ TEST_F(HTTPSRequestTest, SSLv3Fallback) {
 // than necessary.
 TEST_F(HTTPSRequestTest, TLSv1Fallback) {
 uint16 default_version_max = SSLConfigService::default_version_max();
+ // The OpenSSL library in use may not support TLS 1.1.
+#if !defined(USE_OPENSSL)
+ EXPECT_GT(default_version_max, SSL_PROTOCOL_VERSION_TLS1);
+#endif
 if (default_version_max <= SSL_PROTOCOL_VERSION_TLS1) return; |
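Review bot: The added `EXPECT_GT` in TLSv1Fallback is guarded by `#if !defined(USE_OPENSSL)`, which is coarser than the condition ssl_config_service.cc uses to choose the default. An OpenSSL build that is expected to default to TLS 1.1 therefore gets no assertion, and if its default falls back to TLS 1.0 the early return that follows makes the test pass without exercising the fallback at all. At minimum the skip should be stated where it happens, e.g. `// On OpenSSL builds the default may be TLS 1.0; the early return below then skips the fallback check.` Logging the skipped case would also make it visible in test output. The rest of the test body is outside the hunk.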