Commit 1ec0ff00 authored by wtc@chromium.org's avatar wtc@chromium.org

Turn off TLS 1.1.

This change is intended to be merged to the 1180 branch for
Chrome 21 Stable. On the trunk this change is only temporary
and will be replaced by a fix for bug 141629.

R=agl@chromium.org,rsleevi@chromium.org
BUG=142172
TEST=Visit https://www.google.com/ and https://www.facebook.com/.
Click the lock icon. The page info bubble should say
"The connection uses TLS 1.0."

Review URL: https://chromiumcodereview.appspot.com/10828272

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@151198 0039d316-1c4b-4281-b951-d872f2087c98
parent 371c7cda
......@@ -18,16 +18,7 @@ namespace net {
static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3;
static uint16 g_default_version_max =
#if defined(USE_OPENSSL)
#if defined(SSL_OP_NO_TLSv1_1)
SSL_PROTOCOL_VERSION_TLS1_1;
#else
SSL_PROTOCOL_VERSION_TLS1;
#endif
#else
SSL_PROTOCOL_VERSION_TLS1_1;
#endif
static uint16 g_default_version_max = SSL_PROTOCOL_VERSION_TLS1;
SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
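Review bot: The new unconditional `static uint16 g_default_version_max = SSL_PROTOCOL_VERSION_TLS1;` carries no comment saying the cap is temporary, so nothing at the definition shows that TLS 1.1 was switched off deliberately and is meant to return. The commit message says the trunk change will be replaced by a fix for bug 141629. A comment above the line would keep that visible in the code, for example `// TODO(wtc): Temporary cap at TLS 1.0; restore TLS 1.1 when bug 141629 is fixed.` With `g_default_version_min` left at `SSL_PROTOCOL_VERSION_SSL3`, the default range now tops out at TLS 1.0, so the cap should not outlive the fix. The hard-coded `version_max` lines in the SSLServerSocketNSS constructor and the SSLServerSocketTest hunk need the same marker.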
......
......@@ -103,7 +103,7 @@ SSLServerSocketNSS::SSLServerSocketNSS(
completed_handshake_(false) {
ssl_config_.false_start_enabled = false;
ssl_config_.version_min = SSL_PROTOCOL_VERSION_SSL3;
ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1;
// TODO(hclam): Need a better way to clone a key.
std::vector<uint8> key_bytes;
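Review bot: `ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1;` repeats the cap as a literal, so restoring TLS 1.1 later means remembering to edit this constructor separately from `g_default_version_max`. If the server socket is meant to follow the shared default, consider `ssl_config_.version_max = SSLConfigService::default_version_max();`, the accessor the TLSv1Fallback test reads, assuming it is reachable from this file. Otherwise a short comment saying why the server range is set independently would help. The constructor starts and ends outside this hunk.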
......
......@@ -335,7 +335,7 @@ class SSLServerSocketTest : public PlatformTest {
ssl_config.false_start_enabled = false;
ssl_config.channel_id_enabled = false;
ssl_config.version_min = SSL_PROTOCOL_VERSION_SSL3;
ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1;
// Certificate provided by the host doesn't need authority.
net::SSLConfig::CertAndStatus cert_and_status;
......
......@@ -1795,10 +1795,6 @@ TEST_F(HTTPSRequestTest, SSLv3Fallback) {
// than necessary.
TEST_F(HTTPSRequestTest, TLSv1Fallback) {
uint16 default_version_max = SSLConfigService::default_version_max();
// The OpenSSL library in use may not support TLS 1.1.
#if !defined(USE_OPENSSL)
EXPECT_GT(default_version_max, SSL_PROTOCOL_VERSION_TLS1);
#endif
if (default_version_max <= SSL_PROTOCOL_VERSION_TLS1)
return;
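Review bot: With the `EXPECT_GT` removed, the remaining guard `if (default_version_max <= SSL_PROTOCOL_VERSION_TLS1) return;` makes TLSv1Fallback exit before exercising anything whenever the default maximum is TLS 1.0, yet the test still reports as passed. Since this commit sets the default to `SSL_PROTOCOL_VERSION_TLS1`, that presumably now happens on every build rather than only OpenSSL ones, which hides the loss of fallback coverage. A comment above the guard would make sure the check is reinstated with the fix, for example `// TODO(wtc): No-op while TLS 1.1 is off; restore the EXPECT_GT check when bug 141629 is fixed.` The test body continues outside the hunk.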
......