net: show UI warnings for SSLv3.

This change causes sites using SSLv3 to show a "mixed content" level warning on the lock icon and for the section in the connection status to go red. There's no message added to the connection status because, if we plan on removing SSLv3 by default in Chrome 40, then we want to merge this to Chrome 39 and thus there's no time to get a translation. BUG=419870 Review URL: https://codereview.chromium.org/662883002 Cr-Commit-Position: refs/heads/master@{#300346}

net: show UI warnings for SSLv3.
This change causes sites using SSLv3 to show a "mixed content" level warning on the lock icon and for the section in the connection status to go red. There's no message added to the connection status because, if we plan on removing SSLv3 by default in Chrome 40, then we want to merge this to Chrome 39 and thus there's no time to get a translation. BUG=419870 Review URL: https://codereview.chromium.org/662883002 Cr-Commit-Position: refs/heads/master@{#300346}
078d2102 · agl · Commit bot · e2607d44 · 078d2102 · 078d2102
Commit 078d2102 authored Oct 20, 2014 by agl Committed by Commit bot Oct 20, 2014
Showing with 14 additions and 5 deletions

chrome/browser/ui/toolbar/toolbar_model_impl.cc chrome/browser/ui/toolbar/toolbar_model_impl.cc +6 -0

chrome/browser/ui/website_settings/website_settings.cc chrome/browser/ui/website_settings/website_settings.cc +8 -5

No files found.
--- a/chrome/browser/ui/toolbar/toolbar_model_impl.cc
+++ b/chrome/browser/ui/toolbar/toolbar_model_impl.cc
@@ -36,6 +36,7 @@
 #include "net/base/net_util.h"
 #include "net/cert/cert_status_flags.h"
 #include "net/cert/x509_certificate.h"
+#include "net/ssl/ssl_connection_status_flags.h"
 #include "ui/base/l10n/l10n_util.h"

 #if defined(OS_CHROMEOS)
@@ -143,6 +144,11 @@ ToolbarModel::SecurityLevel ToolbarModelImpl::GetSecurityLevelForWebContents(
        DCHECK(net::IsCertStatusMinorError(ssl.cert_status));
        return SECURITY_WARNING;
      }
+      if (net::SSLConnectionStatusToVersion(ssl.connection_status) ==
+          net::SSL_CONNECTION_VERSION_SSL3) {
+        // SSLv3 will be removed in the future.
+        return SECURITY_WARNING;
+      }
      if ((ssl.cert_status & net::CERT_STATUS_IS_EV) && cert.get())
        return EV_SECURE;
      return SECURE;

--- a/chrome/browser/ui/website_settings/website_settings.cc
+++ b/chrome/browser/ui/website_settings/website_settings.cc
@@ -558,8 +558,6 @@ void WebsiteSettings::Init(Profile* profile,
        IDS_PAGE_INFO_SECURITY_TAB_SSL_VERSION,
        ASCIIToUTF16(ssl_version_str));

-    bool did_fallback = (ssl.connection_status &
-                         net::SSL_CONNECTION_VERSION_FALLBACK) != 0;
    bool no_renegotiation =
        (ssl.connection_status &
        net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0;
@@ -579,14 +577,19 @@ void WebsiteSettings::Init(Profile* profile,
          ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange));
    }

+    if (ssl_version == net::SSL_CONNECTION_VERSION_SSL3 &&
+        site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT) {
+      site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR;
+    }
+
+    const bool did_fallback =
+        (ssl.connection_status & net::SSL_CONNECTION_VERSION_FALLBACK) != 0;
    if (did_fallback) {
-      // For now, only SSLv3 fallback will trigger a warning icon.
-      if (site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT)
-        site_connection_status_ = SITE_CONNECTION_STATUS_MIXED_CONTENT;
      site_connection_details_ += ASCIIToUTF16("\n\n");
      site_connection_details_ += l10n_util::GetStringUTF16(
          IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE);
    }
+
    if (no_renegotiation) {
      site_connection_details_ += ASCIIToUTF16("\n\n");
      site_connection_details_ += l10n_util::GetStringUTF16(