browser: flag to diable specified cipher suites

2015-10-20 02:26:01 +05:30 · 2015-10-20 02:26:01 +05:30 · 9f8479e9d8
commit 9f8479e9d8
parent 0e94ccb72b
4 changed files with 35 additions and 0 deletions
--- a/atom/browser/atom_ssl_config_service.cc
+++ b/atom/browser/atom_ssl_config_service.cc
@ -5,11 +5,14 @@
 #include "atom/browser/atom_ssl_config_service.h"

 #include <string>
+#include <vector>

 #include "base/command_line.h"
+#include "base/strings/string_split.h"
 #include "atom/common/options_switches.h"
 #include "content/public/browser/browser_thread.h"
 #include "net/socket/ssl_client_socket.h"
+#include "net/ssl/ssl_cipher_suite_names.h"

 namespace atom {

@ -26,6 +29,23 @@ uint16 GetSSLProtocolVersion(const std::string& version_string) {
  return version;
 }

+std::vector<uint16> ParseCipherSuites(
+    const std::vector<std::string>& cipher_strings) {
+  std::vector<uint16> cipher_suites;
+  cipher_suites.reserve(cipher_strings.size());
+
+  for (auto& cipher_string : cipher_strings) {
+    uint16 cipher_suite = 0;
+    if (!net::ParseSSLCipherString(cipher_string, &cipher_suite)) {
+      LOG(ERROR) << "Ignoring unrecognised cipher suite : "
+                 << cipher_string;
+      continue;
+    }
+    cipher_suites.push_back(cipher_suite);
+  }
+  return cipher_suites;
+}
+
 }  // namespace

 AtomSSLConfigService::AtomSSLConfigService() {
@ -35,6 +55,13 @@ AtomSSLConfigService::AtomSSLConfigService() {
        cmd_line->GetSwitchValueASCII(switches::kSSLVersionFallbackMin);
    config_.version_fallback_min = GetSSLProtocolVersion(version_string);
  }
+
+  if (cmd_line->HasSwitch(switches::kCipherSuiteBlacklist)) {
+    auto cipher_strings = base::SplitString(
+        cmd_line->GetSwitchValueASCII(switches::kCipherSuiteBlacklist),
+        ",", base::TRIM_WHITESPACE, base::SPLIT_WANT_NONEMPTY);
+    config_.disabled_cipher_suites = ParseCipherSuites(cipher_strings);
+  }
 }

 AtomSSLConfigService::~AtomSSLConfigService() {