Summary: | Fail preconnect requests to deprecated TLS instead of allowing application to show warning | ||||||
---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Alex Christensen <achristensen> | ||||
Component: | New Bugs | Assignee: | Alex Christensen <achristensen> | ||||
Status: | RESOLVED FIXED | ||||||
Severity: | Normal | CC: | ggaren, mjs, webkit-bug-importer | ||||
Priority: | P2 | Keywords: | InRadar | ||||
Version: | WebKit Nightly Build | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=215791 | ||||||
Attachments: |
|
Description
Alex Christensen
2020-08-12 13:18:13 PDT
Created attachment 406469 [details]
Patch
Comment on attachment 406469 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=406469&action=review r=me > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:678 > + if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes && task._preconnect) > + return completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil); Seems like we should also check the TLS deprecation feature flag here? Comment on attachment 406469 [details]
Patch
There isn't a clean feature flag for this, especially not in the network process. We have systemAllowsLegacyTLSFor, but even if that returns true we want to block the preconnect handshake to fix this bug.
Committed r265573: <https://trac.webkit.org/changeset/265573> All reviewed patches have been landed. Closing bug and clearing flags on attachment 406469 [details]. This made one API test flaky. No idea why it didn't fail until almost two weeks later, but I investigated it and it's no problem. Fixing it in bug 215791. Another test needed updating in https://bugs.webkit.org/show_bug.cgi?id=216704 |