Changeset 255522 in webkit

Timestamp:

Jan 31, 2020, 3:16:47 PM (6 years ago)

Author:

commit-queue@webkit.org

Message:

Add KVO SPI WKWebView._negotiatedLegacyTLS
​https://bugs.webkit.org/show_bug.cgi?id=207067

Patch by Alex Christensen <​achristensen@webkit.org> on 2020-01-31
Reviewed by Andy Estes.

Source/WebKit:

Covered by API tests.

• NetworkProcess/NetworkDataTask.cpp:

(WebKit::NetworkDataTask::negotiatedLegacyTLS const):

• NetworkProcess/NetworkDataTask.h:

(WebKit::NetworkDataTaskClient::negotiatedLegacyTLS const):

• NetworkProcess/NetworkLoad.cpp:

(WebKit::NetworkLoad::negotiatedLegacyTLS const):

• NetworkProcess/NetworkLoad.h:
• NetworkProcess/cocoa/NetworkSessionCocoa.mm:

(-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):

• Shared/Authentication/AuthenticationManager.cpp:

(WebKit::AuthenticationManager::negotiatedLegacyTLS const):

• Shared/Authentication/AuthenticationManager.h:
• UIProcess/API/Cocoa/WKWebView.mm:

(-[WKWebView _negotiatedLegacyTLS]):

• UIProcess/API/Cocoa/WKWebViewPrivate.h:
• UIProcess/Cocoa/NavigationState.h:
• UIProcess/Cocoa/NavigationState.mm:

(WebKit::NavigationState::willChangeNegotiatedLegacyTLS):
(WebKit::NavigationState::didChangeNegotiatedLegacyTLS):

• UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::negotiatedLegacyTLS):

• UIProcess/Network/NetworkProcessProxy.h:
• UIProcess/Network/NetworkProcessProxy.messages.in:
• UIProcess/PageLoadState.cpp:

(WebKit::PageLoadState::commitChanges):
(WebKit::PageLoadState::hasNegotiatedLegacyTLS const):
(WebKit::PageLoadState::negotiatedLegacyTLS):
(WebKit::PageLoadState::didCommitLoad):

• UIProcess/PageLoadState.h:

(WebKit::PageLoadState::Observer::willChangeNegotiatedLegacyTLS):
(WebKit::PageLoadState::Observer::didChangeNegotiatedLegacyTLS):
(WebKit::PageLoadState::Data::Data): Deleted.

• UIProcess/WebPageProxy.cpp:
• UIProcess/WebPageProxy.h:

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:

(-[TLSObserver observeValueForKeyPath:ofObject:change:context:]):
(-[TLSObserver waitUntilNegotiatedLegacyTLSChanged]):
(TestWebKitAPI::TEST):

• TestWebKitAPI/config.h:

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkDataTask.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkDataTask.h (modified) (2 diffs)
• Source/WebKit/NetworkProcess/NetworkLoad.cpp (modified) (1 diff)
• Source/WebKit/NetworkProcess/NetworkLoad.h (modified) (1 diff)
• Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm (modified) (1 diff)
• Source/WebKit/Shared/Authentication/AuthenticationManager.cpp (modified) (1 diff)
• Source/WebKit/Shared/Authentication/AuthenticationManager.h (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm (modified) (1 diff)
• Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h (modified) (1 diff)
• Source/WebKit/UIProcess/Cocoa/NavigationState.h (modified) (1 diff)
• Source/WebKit/UIProcess/Cocoa/NavigationState.mm (modified) (1 diff)
• Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/Network/NetworkProcessProxy.h (modified) (1 diff)
• Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in (modified) (1 diff)
• Source/WebKit/UIProcess/PageLoadState.cpp (modified) (5 diffs)
• Source/WebKit/UIProcess/PageLoadState.h (modified) (4 diffs)
• Source/WebKit/UIProcess/WebPageProxy.cpp (modified) (1 diff)
• Source/WebKit/UIProcess/WebPageProxy.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm (modified) (2 diffs)
• Tools/TestWebKitAPI/config.h (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-01-31  Alex Christensen  <achristensen@webkit.org>
+
+        Add KVO SPI WKWebView._negotiatedLegacyTLS
+        https://bugs.webkit.org/show_bug.cgi?id=207067
+
+        Reviewed by Andy Estes.
+
+        Covered by API tests.
+
+        * NetworkProcess/NetworkDataTask.cpp:
+        (WebKit::NetworkDataTask::negotiatedLegacyTLS const):
+        * NetworkProcess/NetworkDataTask.h:
+        (WebKit::NetworkDataTaskClient::negotiatedLegacyTLS const):
+        * NetworkProcess/NetworkLoad.cpp:
+        (WebKit::NetworkLoad::negotiatedLegacyTLS const):
+        * NetworkProcess/NetworkLoad.h:
+        * NetworkProcess/cocoa/NetworkSessionCocoa.mm:
+        (-[WKNetworkSessionDelegate URLSession:dataTask:didReceiveResponse:completionHandler:]):
+        * Shared/Authentication/AuthenticationManager.cpp:
+        (WebKit::AuthenticationManager::negotiatedLegacyTLS const):
+        * Shared/Authentication/AuthenticationManager.h:
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView _negotiatedLegacyTLS]):
+        * UIProcess/API/Cocoa/WKWebViewPrivate.h:
+        * UIProcess/Cocoa/NavigationState.h:
+        * UIProcess/Cocoa/NavigationState.mm:
+        (WebKit::NavigationState::willChangeNegotiatedLegacyTLS):
+        (WebKit::NavigationState::didChangeNegotiatedLegacyTLS):
+        * UIProcess/Network/NetworkProcessProxy.cpp:
+        (WebKit::NetworkProcessProxy::negotiatedLegacyTLS):
+        * UIProcess/Network/NetworkProcessProxy.h:
+        * UIProcess/Network/NetworkProcessProxy.messages.in:
+        * UIProcess/PageLoadState.cpp:
+        (WebKit::PageLoadState::commitChanges):
+        (WebKit::PageLoadState::hasNegotiatedLegacyTLS const):
+        (WebKit::PageLoadState::negotiatedLegacyTLS):
+        (WebKit::PageLoadState::didCommitLoad):
+        * UIProcess/PageLoadState.h:
+        (WebKit::PageLoadState::Observer::willChangeNegotiatedLegacyTLS):
+        (WebKit::PageLoadState::Observer::didChangeNegotiatedLegacyTLS):
+        (WebKit::PageLoadState::Data::Data): Deleted.
+        * UIProcess/WebPageProxy.cpp:
+        * UIProcess/WebPageProxy.h:
+
 2020-01-31  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebKit/NetworkProcess/NetworkDataTask.cpp

@@ -117 +117 @@
 }
 
+void NetworkDataTask::negotiatedLegacyTLS() const
+{
+    if (m_client)
+        m_client->negotiatedLegacyTLS();
+}
+
 bool NetworkDataTask::shouldCaptureExtraNetworkLoadMetrics() const
 {

trunk/Source/WebKit/NetworkProcess/NetworkDataTask.h

@@ -71 +71 @@
     virtual void wasBlockedByRestrictions() = 0;
 
+    virtual void negotiatedLegacyTLS() const { }
     virtual bool shouldCaptureExtraNetworkLoadMetrics() const { return false; }
 
@@ -93 +94 @@
 
     void didReceiveResponse(WebCore::ResourceResponse&&, ResponseCompletionHandler&&);
+    void negotiatedLegacyTLS() const;
     bool shouldCaptureExtraNetworkLoadMetrics() const;
 

trunk/Source/WebKit/NetworkProcess/NetworkLoad.cpp

@@ -207 +207 @@
 }
 
+void NetworkLoad::negotiatedLegacyTLS() const
+{
+    m_networkProcess->authenticationManager().negotiatedLegacyTLS(m_parameters.webPageProxyID);
+}
+
 void NetworkLoad::didReceiveResponse(ResourceResponse&& response, ResponseCompletionHandler&& completionHandler)
 {

trunk/Source/WebKit/NetworkProcess/NetworkLoad.h

@@ -82 +82 @@
     void cannotShowURL() final;
     void wasBlockedByRestrictions() final;
+    void negotiatedLegacyTLS() const final;
 
     void notifyDidReceiveResponse(WebCore::ResourceResponse&&, ResponseCompletionHandler&&);

trunk/Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm

@@ -814 +814 @@
     if (auto* networkDataTask = [self existingTask:dataTask]) {
         ASSERT(RunLoop::isMain());
+
+        bool negotiatedLegacyTLS = false;
+#if HAVE(TLS_PROTOCOL_VERSION_T)
+        NSURLSessionTaskTransactionMetrics *metrics = dataTask._incompleteTaskMetrics.transactionMetrics.lastObject;
+        auto tlsVersion = reinterpret_cast<tls_protocol_version_t>(metrics.negotiatedTLSProtocolVersion.unsignedShortValue);
+        if (tlsVersion == tls_protocol_version_TLSv10 || tlsVersion == tls_protocol_version_TLSv11)
+            negotiatedLegacyTLS = true;
+        UNUSED_PARAM(metrics);
+#else // We do not need to check _TLSNegotiatedProtocolVersion if we have metrics.negotiatedTLSProtocolVersion because it works at response time even before rdar://problem/56522601
+        ALLOW_DEPRECATED_DECLARATIONS_BEGIN
+        if ([dataTask respondsToSelector:@selector(_TLSNegotiatedProtocolVersion)]) {
+            SSLProtocol tlsVersion = [dataTask _TLSNegotiatedProtocolVersion];
+            if (tlsVersion == kTLSProtocol11 || tlsVersion == kTLSProtocol1)
+                negotiatedLegacyTLS = true;
+        }
+        ALLOW_DEPRECATED_DECLARATIONS_END
+#endif
+        if (negotiatedLegacyTLS)
+            networkDataTask->negotiatedLegacyTLS();
         
         // Avoid MIME type sniffing if the response comes back as 304 Not Modified.

trunk/Source/WebKit/Shared/Authentication/AuthenticationManager.cpp

@@ -150 +150 @@
 }
 
+void AuthenticationManager::negotiatedLegacyTLS(WebPageProxyIdentifier pageID) const
+{
+    m_process.send(Messages::NetworkProcessProxy::NegotiatedLegacyTLS(pageID));
+}
+
 } // namespace WebKit

trunk/Source/WebKit/Shared/Authentication/AuthenticationManager.h

@@ -76 +76 @@
     void completeAuthenticationChallenge(uint64_t challengeID, AuthenticationChallengeDisposition, WebCore::Credential&&);
 
+    void negotiatedLegacyTLS(WebPageProxyIdentifier) const;
+
 private:
     struct Challenge {

trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm

@@ -1551 +1551 @@
 }
 
+- (BOOL)_negotiatedLegacyTLS
+{
+    return _page->pageLoadState().hasNegotiatedLegacyTLS();
+}
+
 - (BOOL)_isEditable
 {

trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebViewPrivate.h

@@ -165 +165 @@
 @property (nonatomic, getter=_isEditable, setter=_setEditable:) BOOL _editable WK_API_AVAILABLE(macos(10.11), ios(9.0));
 
+/*! @abstract A Boolean value indicating whether any resource on the page
+has been loaded over a connection using TLS 1.0 or TLS 1.1.
+@discussion @link WKWebView @/link is key-value observing (KVO) compliant
+for this property.
+*/
+@property (nonatomic, readonly) BOOL _negotiatedLegacyTLS WK_API_AVAILABLE(macos(WK_MAC_TBA), ios(WK_IOS_TBA));
+
 // FIXME: Remove these once nobody is using them.
 @property (nonatomic, readonly) NSData *_sessionStateData;

trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.h

@@ -171 +171 @@
     void willChangeHasOnlySecureContent() override;
     void didChangeHasOnlySecureContent() override;
+    void willChangeNegotiatedLegacyTLS() override;
+    void didChangeNegotiatedLegacyTLS() override;
     void willChangeEstimatedProgress() override;
     void didChangeEstimatedProgress() override;

trunk/Source/WebKit/UIProcess/Cocoa/NavigationState.mm

@@ -1322 +1322 @@
 }
 
+void NavigationState::willChangeNegotiatedLegacyTLS()
+{
+    [m_webView willChangeValueForKey:@"_negotiatedLegacyTLS"];
+}
+
+void NavigationState::didChangeNegotiatedLegacyTLS()
+{
+    [m_webView didChangeValueForKey:@"_negotiatedLegacyTLS"];
+}
+
 void NavigationState::willChangeEstimatedProgress()
 {

trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp

@@ -370 +370 @@
 }
 
+void NetworkProcessProxy::negotiatedLegacyTLS(WebPageProxyIdentifier pageID)
+{
+    WebPageProxy* page = nullptr;
+    if (pageID)
+        page = WebProcessProxy::webPage(pageID);
+    if (page)
+        page->negotiatedLegacyTLS();
+}
+
 void NetworkProcessProxy::didFetchWebsiteData(uint64_t callbackID, const WebsiteData& websiteData)
 {

trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.h

@@ -237 +237 @@
     void didReceiveNetworkProcessProxyMessage(IPC::Connection&, IPC::Decoder&);
     void didReceiveAuthenticationChallenge(PAL::SessionID, WebPageProxyIdentifier, const Optional<WebCore::SecurityOriginData>&, WebCore::AuthenticationChallenge&&, bool, uint64_t challengeID);
+    void negotiatedLegacyTLS(WebPageProxyIdentifier);
     void didFetchWebsiteData(uint64_t callbackID, const WebsiteData&);
     void didDeleteWebsiteData(uint64_t callbackID);

trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.messages.in

@@ -23 +23 @@
 messages -> NetworkProcessProxy LegacyReceiver NotRefCounted {
     DidReceiveAuthenticationChallenge(PAL::SessionID sessionID, WebKit::WebPageProxyIdentifier pageID, Optional<WebCore::SecurityOriginData> topOrigin, WebCore::AuthenticationChallenge challenge, bool negotiatedLegacyTLS, uint64_t challengeID)
+    NegotiatedLegacyTLS(WebKit::WebPageProxyIdentifier pageID)
 
     DidFetchWebsiteData(uint64_t callbackID, struct WebKit::WebsiteData websiteData)

trunk/Source/WebKit/UIProcess/PageLoadState.cpp

@@ -100 +100 @@
     bool activeURLChanged = activeURL(m_committedState) != activeURL(m_uncommittedState);
     bool hasOnlySecureContentChanged = hasOnlySecureContent(m_committedState) != hasOnlySecureContent(m_uncommittedState);
+    bool negotiatedLegacyTLSChanged = m_committedState.negotiatedLegacyTLS != m_uncommittedState.negotiatedLegacyTLS;
     bool estimatedProgressChanged = estimatedProgress(m_committedState) != estimatedProgress(m_uncommittedState);
     bool networkRequestsInProgressChanged = m_committedState.networkRequestsInProgress != m_uncommittedState.networkRequestsInProgress;
@@ -116 +117 @@
     if (hasOnlySecureContentChanged)
         callObserverCallback(&Observer::willChangeHasOnlySecureContent);
+    if (negotiatedLegacyTLSChanged)
+        callObserverCallback(&Observer::willChangeNegotiatedLegacyTLS);
     if (estimatedProgressChanged)
         callObserverCallback(&Observer::willChangeEstimatedProgress);
@@ -136 +139 @@
     if (hasOnlySecureContentChanged)
         callObserverCallback(&Observer::didChangeHasOnlySecureContent);
+    if (negotiatedLegacyTLSChanged)
+        callObserverCallback(&Observer::didChangeNegotiatedLegacyTLS);
     if (activeURLChanged)
         callObserverCallback(&Observer::didChangeActiveURL);
@@ -222 +227 @@
 }
 
+bool PageLoadState::hasNegotiatedLegacyTLS() const
+{
+    return m_committedState.negotiatedLegacyTLS;
+}
+
+void PageLoadState::negotiatedLegacyTLS(const Transaction::Token& token)
+{
+    ASSERT_UNUSED(token, &token.m_pageLoadState == this);
+    m_uncommittedState.negotiatedLegacyTLS = true;
+}
+
 double PageLoadState::estimatedProgress(const Data& data)
 {
@@ -313 +329 @@
     m_uncommittedState.url = m_uncommittedState.provisionalURL;
     m_uncommittedState.provisionalURL = String();
+    m_uncommittedState.negotiatedLegacyTLS = false;
 
     m_uncommittedState.title = String();

trunk/Source/WebKit/UIProcess/PageLoadState.h

@@ -63 +63 @@
         virtual void didChangeHasOnlySecureContent() = 0;
 
+        virtual void willChangeNegotiatedLegacyTLS() { };
+        virtual void didChangeNegotiatedLegacyTLS() { };
+
         virtual void willChangeEstimatedProgress() = 0;
         virtual void didChangeEstimatedProgress() = 0;
@@ -141 +144 @@
 
     bool hasOnlySecureContent() const;
+    bool hasNegotiatedLegacyTLS() const;
+    void negotiatedLegacyTLS(const Transaction::Token&);
 
     double estimatedProgress() const;
@@ -201 +206 @@
 
     struct Data {
-        Data()
-            : state(State::Finished)
-            , hasInsecureContent(false)
-            , canGoBack(false)
-            , canGoForward(false)
-            , estimatedProgress(0)
-            , networkRequestsInProgress(false)
-        {
-        }
-
-        State state;
-        bool hasInsecureContent;
+        State state { State::Finished };
+        bool hasInsecureContent { false };
+        bool negotiatedLegacyTLS { false };
 
         PendingAPIRequest pendingAPIRequest;
@@ -225 +221 @@
         URL resourceDirectoryURL;
 
-        bool canGoBack;
-        bool canGoForward;
-
-        double estimatedProgress;
-        bool networkRequestsInProgress;
+        bool canGoBack { false };
+        bool canGoForward { false };
+
+        double estimatedProgress { 0 };
+        bool networkRequestsInProgress { false };
 
         RefPtr<WebCertificateInfo> certificateInfo;

trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

@@ -7714 +7714 @@
 }
 
+void WebPageProxy::negotiatedLegacyTLS()
+{
+    auto transaction = m_pageLoadState.transaction();
+    m_pageLoadState.negotiatedLegacyTLS(transaction);
+}
+
 void WebPageProxy::exceededDatabaseQuota(FrameIdentifier frameID, const String& originIdentifier, const String& databaseName, const String& displayName, uint64_t currentQuota, uint64_t currentOriginUsage, uint64_t currentDatabaseUsage, uint64_t expectedUsage, Messages::WebPageProxy::ExceededDatabaseQuota::DelayedReply&& reply)
 {

trunk/Source/WebKit/UIProcess/WebPageProxy.h

@@ -1336 +1336 @@
 
     void didReceiveAuthenticationChallengeProxy(Ref<AuthenticationChallengeProxy>&&, NegotiatedLegacyTLS);
+    void negotiatedLegacyTLS();
 
     SpellDocumentTag spellDocumentTag();

trunk/Tools/ChangeLog

@@ +1 @@
+2020-01-31  Alex Christensen  <achristensen@webkit.org>
+
+        Add KVO SPI WKWebView._negotiatedLegacyTLS
+        https://bugs.webkit.org/show_bug.cgi?id=207067
+
+        Reviewed by Andy Estes.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm:
+        (-[TLSObserver observeValueForKeyPath:ofObject:change:context:]):
+        (-[TLSObserver waitUntilNegotiatedLegacyTLSChanged]):
+        (TestWebKitAPI::TEST):
+        * TestWebKitAPI/config.h:
+
 2020-01-31  Aakash Jain  <aakash_jain@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/TLSDeprecation.mm

@@ -44 +44 @@
 #endif
 
+#if HAVE(TLS_PROTOCOL_VERSION_T)
+@interface TLSObserver : NSObject
+- (void)waitUntilNegotiatedLegacyTLSChanged;
+@end
+
+@implementation TLSObserver {
+    bool _negotiatedLegacyTLSChanged;
+}
+
+- (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context
+{
+    EXPECT_WK_STREQ(keyPath, "_negotiatedLegacyTLS");
+    _negotiatedLegacyTLSChanged = true;
+}
+
+- (void)waitUntilNegotiatedLegacyTLSChanged
+{
+    _negotiatedLegacyTLSChanged = false;
+    while (!_negotiatedLegacyTLSChanged)
+        TestWebKitAPI::Util::spinRunLoop();
+}
+
+@end
+#endif
+
 @interface TLSNavigationDelegate : NSObject <WKNavigationDelegate>
 - (void)waitForDidFinishNavigation;
@@ -203 +228 @@
 }
 
+#if HAVE(TLS_PROTOCOL_VERSION_T)
+TEST(TLSVersion, NegotiatedLegacyTLS)
+{
+    TCPServer server(TCPServer::Protocol::HTTPS, [] (SSL *ssl) {
+        TCPServer::respondWithOK(ssl);
+        TCPServer::respondWithOK(ssl);
+    }, tls1_1);
+
+    auto delegate = adoptNS([TestNavigationDelegate new]);
+    auto webView = adoptNS([WKWebView new]);
+    [webView setNavigationDelegate:delegate.get()];
+    [delegate setDidReceiveAuthenticationChallenge:^(WKWebView *, NSURLAuthenticationChallenge *challenge, void (^callback)(NSURLSessionAuthChallengeDisposition, NSURLCredential *)) {
+        EXPECT_WK_STREQ(challenge.protectionSpace.authenticationMethod, NSURLAuthenticationMethodServerTrust);
+        callback(NSURLSessionAuthChallengeUseCredential, [NSURLCredential credentialForTrust:challenge.protectionSpace.serverTrust]);
+    }];
+    NSURLRequest *request = [NSURLRequest requestWithURL:[NSURL URLWithString:[NSString stringWithFormat:@"https://127.0.0.1:%d/", server.port()]]];
+    [webView loadRequest:request];
+
+    auto observer = adoptNS([TLSObserver new]);
+    [webView addObserver:observer.get() forKeyPath:@"_negotiatedLegacyTLS" options:NSKeyValueObservingOptionNew context:nil];
+    
+    EXPECT_FALSE([webView _negotiatedLegacyTLS]);
+    [observer waitUntilNegotiatedLegacyTLSChanged];
+    EXPECT_TRUE([webView _negotiatedLegacyTLS]);
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]];
+    [observer waitUntilNegotiatedLegacyTLSChanged];
+    EXPECT_FALSE([webView _negotiatedLegacyTLS]);
+
+    [webView loadRequest:request];
+    [observer waitUntilNegotiatedLegacyTLSChanged];
+    EXPECT_TRUE([webView _negotiatedLegacyTLS]);
+
+    [webView removeObserver:observer.get() forKeyPath:@"_negotiatedLegacyTLS"];
+}
+#endif
+
 // FIXME: Add some tests for WKWebView.hasOnlySecureContent
 

trunk/Tools/TestWebKitAPI/config.h

@@ -123 +123 @@
 #define HAVE_NETWORK_FRAMEWORK 1
 #endif
+
+#if PLATFORM(COCOA) && !(PLATFORM(MAC) && __MAC_OS_X_VERSION_MIN_REQUIRED < 101500)
+#define HAVE_TLS_PROTOCOL_VERSION_T 1
+#endif