From 9b4bc4a99d8774c263debe567bd12a7e4dc5b5a8 Mon Sep 17 00:00:00 2001
From: "wtc@chromium.org"
Date: Tue, 20 Aug 2013 22:59:07 +0000
Subject: Disable the HMAC-SHA256 and AES_256_GCM cipher suites for SSLClientSocketOpenSSL.
R=rsleevi@chromium.org
BUG=255241
TEST=none
Review URL: https://chromiumcodereview.appspot.com/23038011
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@218564 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/socket/ssl_client_socket_openssl.cc | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
(limited to 'net/socket')
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 4591cec..416ab87 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -532,9 +532,11 @@ bool SSLClientSocketOpenSSL::Init() {
 STACK_OF(SSL_CIPHER)* ciphers = SSL_get_ciphers(ssl_);
 DCHECK(ciphers);
 // See SSLConfig::disabled_cipher_suites for description of the suites
- // disabled by default. Note that !SHA384 only removes HMAC-SHA384 cipher
- // suites, not GCM cipher suites with SHA384 as the handshake hash.
- std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!SRP:!SHA384:!aECDH");
+ // disabled by default. Note that !SHA256 and !SHA384 only remove HMAC-SHA256
+ // and HMAC-SHA384 cipher suites, not GCM cipher suites with SHA256 or SHA384
+ // as the handshake hash.
+ std::string command("DEFAULT:!NULL:!aNULL:!IDEA:!FZA:!SRP:!SHA256:!SHA384:"
+ "!aECDH:!AESGCM+AES256");
 // Walk through all the installed ciphers, seeing if any need to be
 // appended to the cipher removal |command|.
 for (int i = 0; i < sk_SSL_CIPHER_num(ciphers); ++i) {
--
cgit v1.1
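Review bot: The updated comment above `command` explains `!SHA256` and `!SHA384` but not the new `!AESGCM+AES256` token. Its remark that GCM suites with SHA384 as the handshake hash are not removed can be read as if they stay enabled, while the AES_256_GCM suites appear to be dropped by that other token. I would add a line such as `// !AESGCM+AES256 removes the AES_256_GCM suites ('+' is a logical AND of the two aliases); AES_128_GCM is not affected.` so the reader does not have to decode the OpenSSL cipher-string syntax. The commit is marked TEST=none; a check that the resulting cipher list holds no HMAC-SHA256 or AES_256_GCM suite would guard against these aliases resolving differently in another OpenSSL build. Init() begins before and continues after this hunk, so how `command` is finally applied is not visible here.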