net: disable ChaCha20 based cipher suites.

We're not ready for this in M32: * The Windows compiler doesn't support vector code so we're using generic code there. * We don't have promotion for AES-GCM ciphersuites when AES-NI is supported. This change is designed to be reverted on trunk once M32 has branched. BUG=315791 Review URL: https://codereview.chromium.org/60353005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@233470 0039d316-1c4b-4281-b951-d872f2087c98

net: disable ChaCha20 based cipher suites.
We're not ready for this in M32: * The Windows compiler doesn't support vector code so we're using generic code there. * We don't have promotion for AES-GCM ciphersuites when AES-NI is supported. This change is designed to be reverted on trunk once M32 has branched. BUG=315791 Review URL: https://codereview.chromium.org/60353005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@233470 0039d316-1c4b-4281-b951-d872f2087c98
f60051b4 · agl@chromium.org · f1989ce2 · f60051b4
Commit f60051b4 authored Nov 07, 2013 by agl@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

net/socket/nss_ssl_util.cc net/socket/nss_ssl_util.cc +5 -0

No files found.
--- a/net/socket/nss_ssl_util.cc
+++ b/net/socket/nss_ssl_util.cc
@@ -70,6 +70,11 @@ class NSSSSLInitSingleton {
          enabled = false;
        }
+        // We also disable ChaCha20 based cipher suites for now because we
+        // aren't quite ready to use them in M32.
+        if (info.symCipher == ssl_calg_chacha20)
+          enabled = false;
        if (ssl_ciphers[i] == TLS_DHE_DSS_WITH_AES_128_CBC_SHA) {
          // Enabled to allow servers with only a DSA certificate to function.
          enabled = true;