summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorpkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-03-22 00:26:54 +0000
committerpkasting@chromium.org <pkasting@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2014-03-22 00:26:54 +0000
commit05d0ad07f6cb6c3a2bec8aac2e792c50696c8025 (patch)
treebced787d1d986607ffe85b8f7cdc81e8ea25ce04
parentd15af082a647ed4d8468451ae37e40cfc6fed682 (diff)
downloadchromium_src-05d0ad07f6cb6c3a2bec8aac2e792c50696c8025.zip
chromium_src-05d0ad07f6cb6c3a2bec8aac2e792c50696c8025.tar.gz
chromium_src-05d0ad07f6cb6c3a2bec8aac2e792c50696c8025.tar.bz2
Remove --enable-unrestricted-ssl3-fallback.
It looks like this isn't actually wired to anything. BUG=354947 TEST=none R=jhawkins@chromium.org, rsleevi@chromium.org Review URL: https://codereview.chromium.org/200693006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258714 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--chrome/browser/net/ssl_config_service_manager_pref.cc9
-rw-r--r--chrome/browser/net/ssl_config_service_manager_pref_unittest.cc24
-rw-r--r--chrome/browser/prefs/command_line_pref_store.cc2
-rw-r--r--chrome/common/chrome_switches.cc7
-rw-r--r--chrome/common/chrome_switches.h1
-rw-r--r--chrome/common/pref_names.cc2
-rw-r--r--chrome/common/pref_names.h1
-rw-r--r--net/ssl/ssl_config_service.cc5
-rw-r--r--net/ssl/ssl_config_service.h7
-rw-r--r--net/ssl/ssl_config_service_unittest.cc5
10 files changed, 3 insertions, 60 deletions
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
index 0aab9a6..706bcb0b 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -176,7 +176,6 @@ class SSLConfigServiceManagerPref
StringPrefMember ssl_version_max_;
BooleanPrefMember channel_id_enabled_;
BooleanPrefMember ssl_record_splitting_disabled_;
- BooleanPrefMember unrestricted_ssl3_fallback_enabled_;
// The cached list of disabled SSL cipher suites.
std::vector<uint16> disabled_cipher_suites_;
@@ -210,10 +209,6 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
prefs::kEnableOriginBoundCerts, local_state, local_state_callback);
ssl_record_splitting_disabled_.Init(
prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
- unrestricted_ssl3_fallback_enabled_.Init(
- prefs::kEnableUnrestrictedSSL3Fallback,
- local_state,
- local_state_callback);
local_state_change_registrar_.Init(local_state);
local_state_change_registrar_.Add(
@@ -244,8 +239,6 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
default_config.channel_id_enabled);
registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
!default_config.false_start_enabled);
- registry->RegisterBooleanPref(prefs::kEnableUnrestrictedSSL3Fallback,
- default_config.unrestricted_ssl3_fallback_enabled);
registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
}
@@ -304,8 +297,6 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
config->channel_id_enabled = channel_id_enabled_.GetValue();
// disabling False Start also happens to disable record splitting.
config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
- config->unrestricted_ssl3_fallback_enabled =
- unrestricted_ssl3_fallback_enabled_.GetValue();
}
void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
diff --git a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
index 2cbfc05..753109c 100644
--- a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
+++ b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
@@ -146,11 +146,8 @@ TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
}
-// Test that
-// * without command-line settings for minimum and maximum SSL versions,
-// SSL 3.0 ~ default_version_max() are enabled;
-// * without --enable-unrestricted-ssl3-fallback,
-// |unrestricted_ssl3_fallback_enabled| is false.
+// Test that without command-line settings for minimum and maximum SSL versions,
+// SSL 3.0 ~ default_version_max() are enabled.
TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
@@ -174,13 +171,10 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
EXPECT_EQ(net::SSLConfigService::default_version_max(),
ssl_config.version_max);
- EXPECT_FALSE(ssl_config.unrestricted_ssl3_fallback_enabled);
// The settings should not be added to the local_state.
EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
- EXPECT_FALSE(local_state->HasPrefPath(
- prefs::kEnableUnrestrictedSSL3Fallback));
// Explicitly double-check the settings are not in the preference store.
std::string version_min_str;
@@ -189,10 +183,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
&version_min_str));
EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
&version_max_str));
- bool unrestricted_ssl3_fallback_enabled;
- EXPECT_FALSE(local_state_store->GetBoolean(
- prefs::kEnableUnrestrictedSSL3Fallback,
- &unrestricted_ssl3_fallback_enabled));
}
// Test that command-line settings for minimum and maximum SSL versions are
@@ -203,7 +193,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
CommandLine command_line(CommandLine::NO_PROGRAM);
command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
- command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback);
PrefServiceMockFactory factory;
factory.set_user_prefs(local_state_store);
@@ -224,7 +213,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
// Command-line flags should be respected.
EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
- EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
// Explicitly double-check the settings are not in the preference store.
const PrefService::Preference* version_min_pref =
@@ -235,18 +223,10 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
local_state->FindPreference(prefs::kSSLVersionMax);
EXPECT_FALSE(version_max_pref->IsUserModifiable());
- const PrefService::Preference* ssl3_fallback_pref =
- local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback);
- EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable());
-
std::string version_min_str;
std::string version_max_str;
EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
&version_min_str));
EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
&version_max_str));
- bool unrestricted_ssl3_fallback_enabled;
- EXPECT_FALSE(local_state_store->GetBoolean(
- prefs::kEnableUnrestrictedSSL3Fallback,
- &unrestricted_ssl3_fallback_enabled));
}
diff --git a/chrome/browser/prefs/command_line_pref_store.cc b/chrome/browser/prefs/command_line_pref_store.cc
index 9cdbd4b..f2d6855 100644
--- a/chrome/browser/prefs/command_line_pref_store.cc
+++ b/chrome/browser/prefs/command_line_pref_store.cc
@@ -57,8 +57,6 @@ const CommandLinePrefStore::BooleanSwitchToPreferenceMapEntry
{ switches::kDisableTLSChannelID, prefs::kEnableOriginBoundCerts, false },
{ switches::kDisableSSLFalseStart, prefs::kDisableSSLRecordSplitting,
true },
- { switches::kEnableUnrestrictedSSL3Fallback,
- prefs::kEnableUnrestrictedSSL3Fallback, true },
#if defined(GOOGLE_CHROME_BUILD)
{ switches::kDisablePrintPreview, prefs::kPrintPreviewDisabled, true },
#else
diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
index e277754..8c7efc6 100644
--- a/chrome/common/chrome_switches.cc
+++ b/chrome/common/chrome_switches.cc
@@ -707,13 +707,6 @@ const char kEnableThumbnailRetargeting[] = "enable-thumbnail-retargeting";
// Enables Translate experimental new UX which replaces the infobar.
const char kEnableTranslateNewUX[] = "enable-translate-new-ux";
-// Enables unrestricted SSL 3.0 fallback.
-// With this switch, SSL 3.0 fallback will be enabled for all sites.
-// Without this switch, SSL 3.0 fallback will be disabled for a site
-// pinned to the Google pin list (indicating that it is a Google site).
-const char kEnableUnrestrictedSSL3Fallback[] =
- "enable-unrestricted-ssl3-fallback";
-
// Enables Alternate-Protocol when the port is user controlled (> 1024).
const char kEnableUserAlternateProtocolPorts[] =
"enable-user-controlled-alternate-protocol-ports";
diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
index d0a932e..860b793 100644
--- a/chrome/common/chrome_switches.h
+++ b/chrome/common/chrome_switches.h
@@ -203,7 +203,6 @@ extern const char kEnableSyncArticles[];
extern const char kEnableSyncSyncedNotifications[];
extern const char kEnableThumbnailRetargeting[];
extern const char kEnableTranslateNewUX[];
-extern const char kEnableUnrestrictedSSL3Fallback[];
extern const char kEnableUserAlternateProtocolPorts[];
extern const char kEnableWatchdog[];
extern const char kEnableWebSocketOverSpdy[];
diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
index 4e62c2a..b7cd4c4 100644
--- a/chrome/common/pref_names.cc
+++ b/chrome/common/pref_names.cc
@@ -1357,8 +1357,6 @@ const char kSSLVersionMax[] = "ssl.version_max";
const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist";
const char kEnableOriginBoundCerts[] = "ssl.origin_bound_certs.enabled";
const char kDisableSSLRecordSplitting[] = "ssl.ssl_record_splitting.disabled";
-const char kEnableUnrestrictedSSL3Fallback[] =
- "ssl.unrestricted_ssl3_fallback.enabled";
// A boolean pref of the EULA accepted flag.
const char kEulaAccepted[] = "EulaAccepted";
diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
index bf6d2d6..04cc692 100644
--- a/chrome/common/pref_names.h
+++ b/chrome/common/pref_names.h
@@ -423,7 +423,6 @@ extern const char kSSLVersionMax[];
extern const char kCipherSuiteBlacklist[];
extern const char kEnableOriginBoundCerts[];
extern const char kDisableSSLRecordSplitting[];
-extern const char kEnableUnrestrictedSSL3Fallback[];
extern const char kGLVendorString[];
extern const char kGLRendererString[];
diff --git a/net/ssl/ssl_config_service.cc b/net/ssl/ssl_config_service.cc
index ec9fcc3..ef98dc7 100644
--- a/net/ssl/ssl_config_service.cc
+++ b/net/ssl/ssl_config_service.cc
@@ -44,7 +44,6 @@ SSLConfig::SSLConfig()
false_start_enabled(true),
signed_cert_timestamps_enabled(true),
require_forward_secrecy(false),
- unrestricted_ssl3_fallback_enabled(false),
send_client_cert(false),
verify_ev_cert(false),
version_fallback(false),
@@ -149,9 +148,7 @@ void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
(orig_config.channel_id_enabled != new_config.channel_id_enabled) ||
(orig_config.false_start_enabled != new_config.false_start_enabled) ||
(orig_config.require_forward_secrecy !=
- new_config.require_forward_secrecy) ||
- (orig_config.unrestricted_ssl3_fallback_enabled !=
- new_config.unrestricted_ssl3_fallback_enabled);
+ new_config.require_forward_secrecy);
if (config_changed)
NotifySSLConfigChange();
diff --git a/net/ssl/ssl_config_service.h b/net/ssl/ssl_config_service.h
index 08a59fd..54ad087 100644
--- a/net/ssl/ssl_config_service.h
+++ b/net/ssl/ssl_config_service.h
@@ -107,13 +107,6 @@ struct NET_EXPORT SSLConfig {
// that could be extended if needed.
bool require_forward_secrecy;
- // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be
- // enabled for all sites.
- // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be
- // disabled for a site pinned to the Google pin list (indicating that it is a
- // Google site).
- bool unrestricted_ssl3_fallback_enabled;
-
// TODO(wtc): move the following members to a new SSLParams structure. They
// are not SSL configuration settings.
diff --git a/net/ssl/ssl_config_service_unittest.cc b/net/ssl/ssl_config_service_unittest.cc
index 42c8ae4..e8a4c33 100644
--- a/net/ssl/ssl_config_service_unittest.cc
+++ b/net/ssl/ssl_config_service_unittest.cc
@@ -69,7 +69,6 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) {
SSLConfig initial_config;
initial_config.rev_checking_enabled = true;
initial_config.false_start_enabled = false;
- initial_config.unrestricted_ssl3_fallback_enabled = false;
initial_config.version_min = SSL_PROTOCOL_VERSION_SSL3;
initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
@@ -87,10 +86,6 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) {
EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
mock_service->SetSSLConfig(initial_config);
- initial_config.unrestricted_ssl3_fallback_enabled = true;
- EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
- mock_service->SetSSLConfig(initial_config);
-
// Test that changing the SSL version range triggers updates.
initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1;
EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);