Bug 1207137 - Set a security state flag when weak crypto override is needed. r=keeler

Masatoshi Kimura 2015-10-17 09:38:30 +09:00
parent def8a85bde
commit 46ddf34eb3


@ -1111,15 +1111,21 @@ retryDueToTLSIntolerance(PRErrorCode err, nsNSSSocketInfo* socketInfo)
if ((err == SSL_ERROR_NO_CYPHER_OVERLAP || err == PR_END_OF_FILE_ERROR ||
err == PR_CONNECT_RESET_ERROR) &&
(!fallbackLimitReached || helpers.mUnrestrictedRC4Fallback) &&
nsNSSComponent::AreAnyWeakCiphersEnabled()) {
if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
socketInfo->GetPort(), err)) {
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
tlsIntoleranceTelemetryBucket(err));
return true;
nsNSSComponent::AreAnyWeakCiphersEnabled()) {
if (!fallbackLimitReached || helpers.mUnrestrictedRC4Fallback) {
if (helpers.rememberStrongCiphersFailed(socketInfo->GetHostName(),
socketInfo->GetPort(), err)) {
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK,
tlsIntoleranceTelemetryBucket(err));
return true;
}
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
} else if (err == SSL_ERROR_NO_CYPHER_OVERLAP) {
// Indicate that the override UI should be shown.
socketInfo->SetSecurityState(
nsIWebProgressListener::STATE_IS_INSECURE |
nsIWebProgressListener::STATE_USES_WEAK_CRYPTO);
}
Telemetry::Accumulate(Telemetry::SSL_WEAK_CIPHERS_FALLBACK, 0);
}
// When not using a proxy we'll see a connection reset error.
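Review bot: The new `else if (err == SSL_ERROR_NO_CYPHER_OVERLAP)` branch sets `STATE_IS_INSECURE | STATE_USES_WEAK_CRYPTO`, but its one-line comment does not say when the branch runs or why the other two errors are excluded. From the visible conditions it is reached only when weak ciphers are enabled, the fallback limit has been reached and `mUnrestrictedRC4Fallback` is false. I would expand the comment to something like `// Fallback limit reached and RC4 fallback is restricted for this host: do not retry with weak ciphers; flag the socket so the UI can offer an explicit override. EOF/reset are not flagged here.` The error is raised before the peer has been authenticated, so the comment (or the consumer of the flag, which is not visible here) should treat `STATE_USES_WEAK_CRYPTO` as a hint for showing the override UI, not as proof that the real server only supports weak ciphers. The branch does not return inside the hunk and `retryDueToTLSIntolerance` continues past the last line, so it is worth confirming that no later retry path runs after the flag has been set.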