Warn in the DevTools console for TLS 1.0 and 1.1.
This is a reland of https://chromium-review.googlesource.com/c/1324878,
but with the suppression added for macOS layout tests too.
TLS 1.0 and 1.1 are deprecated. See:
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://groups.google.com/a/chromium.org/d/msg/blink-dev/EHSnAn2rucg/oiu0DoQ0CAAJ
As part of that deprecation, show a console warning in DevTools and also
add a Blink-level UseCounter. (We typically measure things at the
connection or request level for network features, but since we're
plumbing this in anyway, go ahead and add one.) I mirrored the plumbing
and UseCounters for Symantec certificates.
[email protected],[email protected],[email protected]
Bug: 896013
Change-Id: I06c93e3ac82f9b07c92193ca75e4c2d8d711d34d
Reviewed-on: https://chromium-review.googlesource.com/c/1338559
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Cr-Commit-Position: refs/heads/master@{#608649}
diff --git a/content/renderer/render_frame_impl.h b/content/renderer/render_frame_impl.h
index 23a5ac4..15d428b 100644
--- a/content/renderer/render_frame_impl.h
+++ b/content/renderer/render_frame_impl.h
@@ -711,6 +711,7 @@
void DidRunContentWithCertificateErrors() override;
void ReportLegacySymantecCert(const blink::WebURL& url,
bool did_fail) override;
+ void ReportLegacyTLSVersion(const blink::WebURL& url) override;
void DidChangePerformanceTiming() override;
void DidObserveLoadingBehavior(
blink::WebLoadingBehaviorFlag behavior) override;
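Review bot: ReportLegacyTLSVersion takes only the URL, so the console warning built from it cannot say whether the connection negotiated TLS 1.0 or 1.1. ReportLegacySymantecCert directly above passes did_fail so its message can vary by outcome. If the warning is meant to be actionable for site operators, consider passing the negotiated version as well. If a single generic message is intended, a one-line comment on the declaration saying so would save the next reader from wondering.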
@@ -1581,13 +1582,14 @@
blink::mojom::ClipboardHostPtr clipboard_host_;
#endif
- // Used to cap the number of console messages that are printed to warn about
- // legacy certificates that will be distrusted in future or have already been
- // distrusted.
- uint32_t num_certificate_warning_messages_ = 0;
- // The origins for which a legacy certificate warning has been printed.
+ // The origins for which a legacy certificate warning has been printed. The
+ // size of this set is capped, after which no more warnings are printed.
std::set<url::Origin> certificate_warning_origins_;
+ // The origins for which a legacy TLS version warning has been printed. The
+ // size of this set is capped, after which no more warnings are printed.
+ std::set<url::Origin> tls_version_warning_origins_;
+
std::unique_ptr<WebSocketHandshakeThrottleProvider>
websocket_handshake_throttle_provider_;
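Review bot: the new comments on certificate_warning_origins_ and tls_version_warning_origins_ say the set size is capped, but with num_certificate_warning_messages_ removed nothing in this header names the cap or shows where it is enforced. Please reference the limit constant in the comment, and make sure the size check in the .cc runs before the insert, so a document loading subresources from many origins cannot grow either std::set<url::Origin> past the limit. Two behaviour changes are also worth a mention in the comment. The bound is now on distinct origins rather than on messages printed. The two sets are capped independently, so the total number of warnings per frame can reach the sum of both caps.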