| commit | b127ca8a1aca94228508d74ec84e5bed4be4f2da | |
| author | davidben <davidben@chromium.org> | |
| Mon, 15 Jun 2015 19:05:42 +0000 (15 12:05 -0700) | ||
| committer | Commit bot <commit-bot@chromium.org> | |
| Mon, 15 Jun 2015 19:06:12 +0000 (15 19:06 +0000) | ||
| tree | 487b1372423473c9349e4c246e26d757719a019b | treesnapshot (tar.gz zip) |
| parent | b450c04bdd034475f196b92c1546aacf60dd5315 | commitdiff |
Disable the TLS 1.0 version fallback.
Re-enable the SSLFallbackVersionMin admin policy, this time documented for the
TLS 1.0 fallback.
As with when the SSL 3.0 was removed, we for now will continue to attempt
fallbacks beyond the minimum version. But, if they succeed, the connection is
shut off and a dedicated error code is returned. This slightly tweaks the
string for that error code since this isn't in response to, e.g. POODLE, unlike
with SSL 3.0.
(Although, being able to securely negotiate > TLS 1.0 means we don't have to
worry about BEAST, in case the server's not doing record-splitting.)
This does not yet remove the TLS 1.1 fallback leg.
BUG=498998
Review URL: https://codereview.chromium.org/1173193004
Cr-Commit-Position: refs/heads/master@{#334430}
Re-enable the SSLFallbackVersionMin admin policy, this time documented for the
TLS 1.0 fallback.
As with when the SSL 3.0 was removed, we for now will continue to attempt
fallbacks beyond the minimum version. But, if they succeed, the connection is
shut off and a dedicated error code is returned. This slightly tweaks the
string for that error code since this isn't in response to, e.g. POODLE, unlike
with SSL 3.0.
(Although, being able to securely negotiate > TLS 1.0 means we don't have to
worry about BEAST, in case the server's not doing record-splitting.)
This does not yet remove the TLS 1.1 fallback leg.
BUG=498998
Review URL: https://codereview.chromium.org/1173193004
Cr-Commit-Position: refs/heads/master@{#334430}