Changeset 181073 in webkit


Ignore:
Timestamp:
Mar 5, 2015 1:27:21 AM (9 years ago)
Author:
commit-queue@webkit.org
Message:

[SOUP] Disable RC4
https://bugs.webkit.org/show_bug.cgi?id=140014

Patch by Michael Catanzaro <Michael Catanzaro> on 2015-03-05
Reviewed by Carlos Garcia Campos.

Disallow RC4-based ciphersuites when performing TLS negotiation,
because it is no longer considered secure.

  • NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:

(main):

  • WebProcess/EntryPoint/unix/WebProcessMain.cpp:

(main):

Location:
trunk/Source/WebKit2
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit2/ChangeLog

    r181064 r181073  
     12015-03-05  Michael Catanzaro  <mcatanzaro@igalia.com>
     2
     3        [SOUP] Disable RC4
     4        https://bugs.webkit.org/show_bug.cgi?id=140014
     5
     6        Reviewed by Carlos Garcia Campos.
     7
     8        Disallow RC4-based ciphersuites when performing TLS negotiation,
     9        because it is no longer considered secure.
     10
     11        * NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp:
     12        (main):
     13        * WebProcess/EntryPoint/unix/WebProcessMain.cpp:
     14        (main):
     15
    1162015-03-04  Yusuke Suzuki  <utatane.tea@gmail.com>
    217

  • trunk/Source/WebKit2/NetworkProcess/EntryPoint/unix/NetworkProcessMain.cpp

    r176252 r181073  
    3838    // GnuTLS or simply stops parsing this variable. We intentionally do not
    3939    // overwrite this priority string if it's already set by the user.
    40     // Keep this in sync with WebProcessMain.cpp.
    4140    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
    42     setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
     41    // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
     42    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
    4343
    4444    return NetworkProcessMainUnix(argc, argv);

  • trunk/Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp

    r176252 r181073  
    3838    // GnuTLS or simply stops parsing this variable. We intentionally do not
    3939    // overwrite this priority string if it's already set by the user.
    40     // Keep this in sync with NetworkProcessMain.cpp.
    4140    // https://bugzilla.gnome.org/show_bug.cgi?id=738633
    42     setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0", 0);
     41    // WARNING: This needs to be KEPT IN SYNC with WebProcessMain.cpp.
     42    setenv("G_TLS_GNUTLS_PRIORITY", "NORMAL:%COMPAT:%LATEST_RECORD_VERSION:!VERS-SSL3.0:!ARCFOUR-128", 0);
    4343
    4444    return WebProcessMainUnix(argc, argv);
Note: See TracChangeset for help on using the changeset viewer.