diff --git a/netwerk/socket/nsISSLSocketControl.idl b/netwerk/socket/nsISSLSocketControl.idl index 591b6fbd921..4ef96768601 100644 --- a/netwerk/socket/nsISSLSocketControl.idl +++ b/netwerk/socket/nsISSLSocketControl.idl @@ -14,7 +14,7 @@ class nsCString; %} [ref] native nsCStringTArrayRef(nsTArray); -[scriptable, builtinclass, uuid(5fe25c47-5462-4b85-b946-fc2e20c07cdf)] +[scriptable, builtinclass, uuid(4080f700-9c16-4884-8f8d-e28094377084)] interface nsISSLSocketControl : nsISupports { attribute nsIInterfaceRequestor notificationCallbacks; @@ -69,5 +69,14 @@ interface nsISSLSocketControl : nsISupports { * The original flags from the socket provider. */ readonly attribute uint32_t providerFlags; + + /* These values are defined by TLS. */ + const short SSL_VERSION_3 = 0x0300; + const short TLS_VERSION_1 = 0x0301; + const short TLS_VERSION_1_1 = 0x0302; + const short TLS_VERSION_1_2 = 0x0303; + const short SSL_VERSION_UNKNOWN = -1; + + [infallible] readonly attribute short SSLVersionUsed; }; diff --git a/security/manager/ssl/src/nsNSSCallbacks.cpp b/security/manager/ssl/src/nsNSSCallbacks.cpp index 360f6972ace..7e0a0003057 100644 --- a/security/manager/ssl/src/nsNSSCallbacks.cpp +++ b/security/manager/ssl/src/nsNSSCallbacks.cpp @@ -881,6 +881,11 @@ PreliminaryHandshakeDone(PRFileDesc* fd) infoObject->SetPreliminaryHandshakeDone(); + SSLChannelInfo channelInfo; + if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) { + infoObject->SetSSLVersionUsed(channelInfo.protocolVersion); + } + // Get the NPN value. SSLNextProtoState state; unsigned char npnbuf[256]; diff --git a/security/manager/ssl/src/nsNSSIOLayer.cpp b/security/manager/ssl/src/nsNSSIOLayer.cpp index ddc7832acce..24da57c316d 100644 --- a/security/manager/ssl/src/nsNSSIOLayer.cpp +++ b/security/manager/ssl/src/nsNSSIOLayer.cpp 
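Review bot: `SSLVersionUsed` is added without a doc comment in the second hunk of nsISSLSocketControl.idl (`@@ -69,5 +69,14 @@`), although the attribute directly above it, `providerFlags`, has one. The interface does not tell a caller that the value stays `SSL_VERSION_UNKNOWN` until a version has been recorded for the socket, or that it is otherwise the raw two-byte protocol version. I would add a block comment above the attribute along the lines of `The TLS protocol version negotiated for this socket, as one of the *_VERSION_* constants above, or SSL_VERSION_UNKNOWN if no version has been recorded yet.` The interface body starts outside this hunk.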
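Review bot: The version is recorded in `PreliminaryHandshakeDone`, in the nsNSSCallbacks.cpp hunk (`@@ -881,6 +881,11 @@`). If that function can run before the peer's Finished message has been verified (its name suggests it can; the body starts and ends outside the hunk), the stored `protocolVersion` is not yet protected against a downgrade by an on-path attacker. Code that gates a security decision on `SSLVersionUsed` should therefore read it only after the handshake has completed, and I would say so next to the call, e.g. `// Negotiated but not yet authenticated until the handshake completes; do not base security decisions on it before then.` Separately, a failing `SSL_GetChannelInfo` is ignored silently and leaves the value at `SSL_VERSION_UNKNOWN`; a short comment stating that this is intended would help.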
@@ -133,6 +133,7 @@ nsNSSSocketInfo::nsNSSSocketInfo(SharedSSLState& aState, uint32_t providerFlags) mNotedTimeUntilReady(false), mKEAUsed(nsISSLSocketControl::KEY_EXCHANGE_UNKNOWN), mKEAExpected(nsISSLSocketControl::KEY_EXCHANGE_UNKNOWN), + mSSLVersionUsed(nsISSLSocketControl::SSL_VERSION_UNKNOWN), mProviderFlags(providerFlags), mSocketCreationTimestamp(TimeStamp::Now()), mPlaintextBytesRead(0) @@ -173,6 +174,13 @@ nsNSSSocketInfo::SetKEAExpected(int16_t aKea) return NS_OK; } +NS_IMETHODIMP +nsNSSSocketInfo::GetSSLVersionUsed(int16_t *aSSLVersionUsed) +{ + *aSSLVersionUsed = mSSLVersionUsed; + return NS_OK; +} + NS_IMETHODIMP nsNSSSocketInfo::GetRememberClientAuthCertificate(bool *aRememberClientAuthCertificate) { NS_ENSURE_ARG_POINTER(aRememberClientAuthCertificate); diff --git a/security/manager/ssl/src/nsNSSIOLayer.h b/security/manager/ssl/src/nsNSSIOLayer.h index d8b9d8e9cc4..098eacb105d 100644 --- a/security/manager/ssl/src/nsNSSIOLayer.h +++ b/security/manager/ssl/src/nsNSSIOLayer.h @@ -107,6 +107,11 @@ public: return result; } + void SetSSLVersionUsed(int16_t version) + { + mSSLVersionUsed = version; + } + private: PRFileDesc* mFd; @@ -136,6 +141,7 @@ private: // Values are from nsISSLSocketControl int16_t mKEAUsed; int16_t mKEAExpected; + int16_t mSSLVersionUsed; uint32_t mProviderFlags; mozilla::TimeStamp mSocketCreationTimestamp;
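Review bot: `SetSSLVersionUsed(int16_t version)` in the first nsNSSIOLayer.h hunk (`@@ -107,6 +107,11 @@`) takes a signed value, while its one caller in this commit passes `channelInfo.protocolVersion`, which NSS declares as an unsigned 16-bit field, so the conversion is implicit. The versions named in the IDL all fit, but a value of 0x8000 or above would be stored as a negative number, in the same sign range as the `SSL_VERSION_UNKNOWN` sentinel. I would make the conversion explicit at the call site, `infoObject->SetSSLVersionUsed(static_cast<int16_t>(channelInfo.protocolVersion));`, and add a comment on the setter such as `// Stores the raw TLS wire version unchecked; compare against the nsISSLSocketControl constants.` The class body starts and ends outside the hunk.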