bug 951199 - Interface for Socket Level Access to TLS Version Used r=dkeeler r=bsmith

2024-09-13 09:24:08 -07:00 · 2013-10-09 17:21:48 -07:00 · 2013-10-09 17:21:48 -07:00 · 0685b54dce
commit 0685b54dce
parent 170d2cae88
4 changed files with 29 additions and 1 deletions
--- a/netwerk/socket/nsISSLSocketControl.idl
+++ b/netwerk/socket/nsISSLSocketControl.idl
@ -14,7 +14,7 @@ class nsCString;
 %}
 [ref] native nsCStringTArrayRef(nsTArray<nsCString>);

-[scriptable, builtinclass, uuid(5fe25c47-5462-4b85-b946-fc2e20c07cdf)]
+[scriptable, builtinclass, uuid(4080f700-9c16-4884-8f8d-e28094377084)]
 interface nsISSLSocketControl : nsISupports {
    attribute nsIInterfaceRequestor     notificationCallbacks;

@ -69,5 +69,14 @@ interface nsISSLSocketControl : nsISupports {
     * The original flags from the socket provider.
     */
    readonly attribute uint32_t providerFlags;
+
+    /* These values are defined by TLS. */
+    const short SSL_VERSION_3   = 0x0300;
+    const short TLS_VERSION_1   = 0x0301;
+    const short TLS_VERSION_1_1 = 0x0302;
+    const short TLS_VERSION_1_2 = 0x0303;
+    const short SSL_VERSION_UNKNOWN = -1;
+
+    [infallible] readonly attribute short SSLVersionUsed;
 };

--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@ -881,6 +881,11 @@ PreliminaryHandshakeDone(PRFileDesc* fd)

  infoObject->SetPreliminaryHandshakeDone();

+  SSLChannelInfo channelInfo;
+  if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) {
+    infoObject->SetSSLVersionUsed(channelInfo.protocolVersion);
+  }
+
  // Get the NPN value.
  SSLNextProtoState state;
  unsigned char npnbuf[256];
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@ -133,6 +133,7 @@ nsNSSSocketInfo::nsNSSSocketInfo(SharedSSLState& aState, uint32_t providerFlags)
    mNotedTimeUntilReady(false),
    mKEAUsed(nsISSLSocketControl::KEY_EXCHANGE_UNKNOWN),
    mKEAExpected(nsISSLSocketControl::KEY_EXCHANGE_UNKNOWN),
+    mSSLVersionUsed(nsISSLSocketControl::SSL_VERSION_UNKNOWN),
    mProviderFlags(providerFlags),
    mSocketCreationTimestamp(TimeStamp::Now()),
    mPlaintextBytesRead(0)
@ -173,6 +174,13 @@ nsNSSSocketInfo::SetKEAExpected(int16_t aKea)
  return NS_OK;
 }

+NS_IMETHODIMP
+nsNSSSocketInfo::GetSSLVersionUsed(int16_t *aSSLVersionUsed)
+{
+  *aSSLVersionUsed = mSSLVersionUsed;
+  return NS_OK;
+}
+
 NS_IMETHODIMP nsNSSSocketInfo::GetRememberClientAuthCertificate(bool *aRememberClientAuthCertificate)
 {
  NS_ENSURE_ARG_POINTER(aRememberClientAuthCertificate);
--- a/security/manager/ssl/src/nsNSSIOLayer.h
+++ b/security/manager/ssl/src/nsNSSIOLayer.h
@ -107,6 +107,11 @@ public:
    return result;
  }

+  void SetSSLVersionUsed(int16_t version)
+  {
+    mSSLVersionUsed = version;
+  }
+
 private:
  PRFileDesc* mFd;

@ -136,6 +141,7 @@ private:
  // Values are from nsISSLSocketControl
  int16_t mKEAUsed;
  int16_t mKEAExpected;
+  int16_t mSSLVersionUsed;

  uint32_t mProviderFlags;
  mozilla::TimeStamp mSocketCreationTimestamp;