Bug 215424

Summary: Fail preconnect requests to deprecated TLS instead of allowing application to show warning
Product: WebKit Reporter: Alex Christensen <achristensen>
Component: New BugsAssignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED    
Severity: Normal CC: ggaren, mjs, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=215791
Attachments:
Description Flags
Patch none

Alex Christensen
Reported 2020-08-12 13:18:13 PDT
Fail preconnect requests to deprecated TLS instead of allowing application to show warning
Attachments
Patch (3.84 KB, patch)
2020-08-12 13:24 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2020-08-12 13:24:02 PDT
Created attachment 406469 [details] Patch
Alex Christensen
Comment 2 2020-08-12 13:42:57 PDT
rdar://problem/66784116
Geoffrey Garen
Comment 3 2020-08-12 13:54:11 PDT
Comment on attachment 406469 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=406469&action=review r=me > Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:678 > + if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes && task._preconnect) > + return completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil); Seems like we should also check the TLS deprecation feature flag here?
Alex Christensen
Comment 4 2020-08-12 16:04:04 PDT
Comment on attachment 406469 [details] Patch There isn't a clean feature flag for this, especially not in the network process. We have systemAllowsLegacyTLSFor, but even if that returns true we want to block the preconnect handshake to fix this bug.
EWS
Comment 5 2020-08-12 16:06:24 PDT
Committed r265573: <https://trac.webkit.org/changeset/265573> All reviewed patches have been landed. Closing bug and clearing flags on attachment 406469 [details].
Radar WebKit Bug Importer
Comment 6 2020-08-12 16:07:21 PDT
<rdar://problem/66941740>
Alex Christensen
Comment 7 2020-08-24 19:48:50 PDT
This made one API test flaky. No idea why it didn't fail until almost two weeks later, but I investigated it and it's no problem. Fixing it in bug 215791.
Alex Christensen
Comment 8 2020-09-18 10:15:41 PDT
Another test needed updating in https://bugs.webkit.org/show_bug.cgi?id=216704
Note You need to log in before you can comment on or make changes to this bug.