Bug 215424

Summary: Fail preconnect requests to deprecated TLS instead of allowing application to show warning
Product: WebKit Reporter: Alex Christensen <achristensen>
Component: New BugsAssignee: Alex Christensen <achristensen>
Severity: Normal CC: ggaren, mjs, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=215791
Description Flags
Patch none

Description Alex Christensen 2020-08-12 13:18:13 PDT
Fail preconnect requests to deprecated TLS instead of allowing application to show warning
Comment 1 Alex Christensen 2020-08-12 13:24:02 PDT
Created attachment 406469 [details]
Comment 2 Alex Christensen 2020-08-12 13:42:57 PDT
Comment 3 Geoffrey Garen 2020-08-12 13:54:11 PDT
Comment on attachment 406469 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=406469&action=review


> Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:678
> +        if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes && task._preconnect)
> +            return completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);

Seems like we should also check the TLS deprecation feature flag here?
Comment 4 Alex Christensen 2020-08-12 16:04:04 PDT
Comment on attachment 406469 [details]

There isn't a clean feature flag for this, especially not in the network process.  We have systemAllowsLegacyTLSFor, but even if that returns true we want to block the preconnect handshake to fix this bug.
Comment 5 EWS 2020-08-12 16:06:24 PDT
Committed r265573: <https://trac.webkit.org/changeset/265573>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 406469 [details].
Comment 6 Radar WebKit Bug Importer 2020-08-12 16:07:21 PDT
Comment 7 Alex Christensen 2020-08-24 19:48:50 PDT
This made one API test flaky.  No idea why it didn't fail until almost two weeks later, but I investigated it and it's no problem.  Fixing it in bug 215791.
Comment 8 Alex Christensen 2020-09-18 10:15:41 PDT
Another test needed updating in https://bugs.webkit.org/show_bug.cgi?id=216704