diff options
| author | davidben <davidben@chromium.org> | 2015-12-10 16:09:38 -0800 |
|---|---|---|
| committer | Commit bot <commit-bot@chromium.org> | 2015-12-11 00:10:22 +0000 |
| commit | 45e87488fe7fbd8860b040b70c41e4557e06edc4 (patch) | |
| tree | 5f0da74f71a75c622ef25ce54c8bd24fc4504ed7 /net/socket/ssl_client_socket_nss.cc | |
| parent | c23ea2a280fd3bb8201ffacc72d5ac762c998553 (diff) | |
| download | chromium_src-45e87488fe7fbd8860b040b70c41e4557e06edc4.zip chromium_src-45e87488fe7fbd8860b040b70c41e4557e06edc4.tar.gz chromium_src-45e87488fe7fbd8860b040b70c41e4557e06edc4.tar.bz2 | |
Only enable RC4 when manually enabled and in a fallback handshake
While the option to manually enable RC4 exists (via SSLConfig's
|rc4_enabled|, which can be controlled via admin policy or field trial), it
should only be enabled in fallback handshakes, where no other
ciphersuite could be negotiated.
BUG=568694
Review URL: https://codereview.chromium.org/1512753007
Cr-Commit-Position: refs/heads/master@{#364534}
Diffstat (limited to 'net/socket/ssl_client_socket_nss.cc')
| -rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index 032840a..273d665 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -2788,8 +2788,11 @@ int SSLClientSocketNSS::InitializeSSLOptions() { SECSuccess) { continue; } - if (info.symCipher == ssl_calg_rc4 && !ssl_config_.rc4_enabled) + if (info.symCipher == ssl_calg_rc4 && + !(ssl_config_.rc4_enabled && + ssl_config_.deprecated_cipher_suites_enabled)) { SSL_CipherPrefSet(nss_fd_, ssl_ciphers[i], PR_FALSE); + } if (info.keaType == ssl_kea_dh && !ssl_config_.deprecated_cipher_suites_enabled) { // Only offer DHE on the second handshake. https://crbug.com/538690 |