Commit 21a1a185 authored by wtc@chromium.org's avatar wtc@chromium.org

Revert 151198 - Turn off TLS 1.1.

Review URL: https://chromiumcodereview.appspot.com/10828272

Bug 141629 has been fixed. We can turn on TLS 1.1 on the trunk.

TBR=agl@chromium.org,rsleevi@chromium.org
BUG=142172
TEST=Visit https://www.google.com/ and https://www.facebook.com/.
Click the lock icon. The page info bubble should say
"The connection uses TLS 1.1."

Review URL: https://chromiumcodereview.appspot.com/10854212

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152404 0039d316-1c4b-4281-b951-d872f2087c98
parent 9f843612
...@@ -18,7 +18,16 @@ namespace net { ...@@ -18,7 +18,16 @@ namespace net {
static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3; static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3;
static uint16 g_default_version_max = SSL_PROTOCOL_VERSION_TLS1; static uint16 g_default_version_max =
#if defined(USE_OPENSSL)
#if defined(SSL_OP_NO_TLSv1_1)
SSL_PROTOCOL_VERSION_TLS1_1;
#else
SSL_PROTOCOL_VERSION_TLS1;
#endif
#else
SSL_PROTOCOL_VERSION_TLS1_1;
#endif
SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {} SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
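Review bot: The `#if defined(SSL_OP_NO_TLSv1_1)` feature test in the initializer of `g_default_version_max` only works if an OpenSSL header that defines the macro is included before this point. The hunk does not show the includes; if none is present, OpenSSL builds silently keep `SSL_PROTOCOL_VERSION_TLS1` as the maximum with no diagnostic. Please confirm the include exists under `USE_OPENSSL`, and add a comment above the conditional such as `// SSL_OP_NO_TLSv1_1 is only defined by OpenSSL versions that support TLS 1.1; fall back to TLS 1.0 otherwise.` An initializer split across nested preprocessor branches is also hard to read, so a named constant selected once and then assigned would be clearer.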
......
...@@ -103,7 +103,7 @@ SSLServerSocketNSS::SSLServerSocketNSS( ...@@ -103,7 +103,7 @@ SSLServerSocketNSS::SSLServerSocketNSS(
completed_handshake_(false) { completed_handshake_(false) {
ssl_config_.false_start_enabled = false; ssl_config_.false_start_enabled = false;
ssl_config_.version_min = SSL_PROTOCOL_VERSION_SSL3; ssl_config_.version_min = SSL_PROTOCOL_VERSION_SSL3;
ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1; ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
// TODO(hclam): Need a better way to clone a key. // TODO(hclam): Need a better way to clone a key.
std::vector<uint8> key_bytes; std::vector<uint8> key_bytes;
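Review bot: The server socket's protocol range is hard-coded in the constructor body (`ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_1;`) instead of being derived from the shared default. It therefore has to be edited by hand whenever the default changes, as this commit and the revert it undoes both show. The context line above still sets `version_min` to `SSL_PROTOCOL_VERSION_SSL3`, which presumably lets a peer negotiate SSL 3.0 with this server. A short comment stating why that floor is kept, e.g. `// SSL 3.0 is still accepted for compatibility with legacy peers.`, would document the intent. The test hunk at -335 repeats the same pair of constants and would benefit from the same treatment. The constructor starts and ends outside this hunk.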
......
...@@ -335,7 +335,7 @@ class SSLServerSocketTest : public PlatformTest { ...@@ -335,7 +335,7 @@ class SSLServerSocketTest : public PlatformTest {
ssl_config.false_start_enabled = false; ssl_config.false_start_enabled = false;
ssl_config.channel_id_enabled = false; ssl_config.channel_id_enabled = false;
ssl_config.version_min = SSL_PROTOCOL_VERSION_SSL3; ssl_config.version_min = SSL_PROTOCOL_VERSION_SSL3;
ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1; ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
// Certificate provided by the host doesn't need authority. // Certificate provided by the host doesn't need authority.
net::SSLConfig::CertAndStatus cert_and_status; net::SSLConfig::CertAndStatus cert_and_status;
......
...@@ -1825,6 +1825,10 @@ TEST_F(HTTPSRequestTest, SSLv3Fallback) { ...@@ -1825,6 +1825,10 @@ TEST_F(HTTPSRequestTest, SSLv3Fallback) {
// than necessary. // than necessary.
TEST_F(HTTPSRequestTest, TLSv1Fallback) { TEST_F(HTTPSRequestTest, TLSv1Fallback) {
uint16 default_version_max = SSLConfigService::default_version_max(); uint16 default_version_max = SSLConfigService::default_version_max();
// The OpenSSL library in use may not support TLS 1.1.
#if !defined(USE_OPENSSL)
EXPECT_GT(default_version_max, SSL_PROTOCOL_VERSION_TLS1);
#endif
if (default_version_max <= SSL_PROTOCOL_VERSION_TLS1) if (default_version_max <= SSL_PROTOCOL_VERSION_TLS1)
return; return;
......