authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-20 18:45:08 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2012-06-20 18:45:08 +0000
commit17a680f45d50f9282d2a4ecd97f852849c5aad03 (patch)
tree3e2b34ec0817e1ce21a64f95da98c9b97bec9e32 /net/socket
parentca6b8608f99aff601b7899d89aa1b748f855fc83 (diff)
Revert 141941 temporarily - Allow ERR_CONNECTION_RESET during the SSL
handshake to trigger a TLS 1.1 -> TLS 1.0 fallback. This will allow us to detect more network devices that reset TCP connections during TLS 1.1 handshakes. Original review URL: https://chromiumcodereview.appspot.com/10493003 R=agl@chromium.org BUG=130293 TEST=none Review URL: https://chromiumcodereview.appspot.com/10573033 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@143215 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r--net/socket/ssl_client_socket_nss.cc17
1 files changed, 0 insertions, 17 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 32e70f8..d60547f 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -2050,23 +2050,6 @@ int SSLClientSocketNSS::Core::DoHandshake() {
PRErrorCode prerr = PR_GetError();
net_error = HandleNSSError(prerr, true);
- // Some network devices that inspect application-layer packets seem to
- // inject TCP reset packets to break the connections when they see
- // TLS 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
- //
- // Only allow ERR_CONNECTION_RESET to trigger a TLS 1.1 -> TLS 1.0
- // fallback. We don't lose much in this fallback because the explicit
- // IV for CBC mode in TLS 1.1 is approximated by record splitting in
- // TLS 1.0.
- //
- // ERR_CONNECTION_RESET is a common network error, so we don't want it
- // to trigger a version fallback in general, especially the TLS 1.0 ->
- // SSL 3.0 fallback, which would drop TLS extensions.
- if (prerr == PR_CONNECT_RESET_ERROR &&
- ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) {
- net_error = ERR_SSL_PROTOCOL_ERROR;
- }
-
// If not done, stay in this state
if (net_error == ERR_IO_PENDING) {
GotoState(STATE_HANDSHAKE);