201573 – Disable TLS 1.0 and 1.1 in WebSockets

Bug 201573 - Disable TLS 1.0 and 1.1 in WebSockets

Summary: Disable TLS 1.0 and 1.1 in WebSockets

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Alex Christensen

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2019-09-06 20:31 PDT by Alex Christensen
Modified:	2019-09-12 17:21 PDT (History)
CC List:	2 users (show)

See Also:	201745

Attachments
Patch (37.31 KB, patch) 2019-09-06 20:37 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (37.32 KB, patch) 2019-09-06 21:35 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
fix windows build (37.32 KB, patch) 2019-09-07 09:11 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Patch (39.01 KB, patch) 2019-09-09 18:08 PDT, Alex Christensen	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (3) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Christensen 2019-09-06 20:31:24 PDT

Disable TLS 1.0 and 1.1 in WebSockets

Comment 1 Alex Christensen 2019-09-06 20:37:45 PDT

Created attachment 378269 [details]
Patch

Comment 2 Alex Christensen 2019-09-06 21:35:12 PDT

Created attachment 378277 [details]
Patch

Comment 3 Alex Christensen 2019-09-07 09:10:08 PDT

Layout test failure unrelated.

Comment 4 Alex Christensen 2019-09-07 09:11:40 PDT

Created attachment 378293 [details]
fix windows build

Comment 5 youenn fablet 2019-09-08 23:31:43 PDT

Comment on attachment 378293 [details]
fix windows build

View in context: https://bugs.webkit.org/attachment.cgi?id=378293&action=review

> Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp:314
> +void SocketStreamHandleImpl::setLegacyTLSEnabledCheck(Function<bool()>&& function)

Can we just have setLegacyTLSEnabledCheck take a bool?

> Source/WebKit/NetworkProcess/cocoa/NetworkProcessCocoa.mm:75
> +    });

We coud write it as WebCore::SocketStreamHandleImpl::setLegacyTLSEnabledCheck(parameters.enableLegacyTLS)

> Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm:285
> +    parameters.defaultDataStoreParameters.networkSessionParameters.enableLegacyTLS = parameters.enableLegacyTLS;

We disable it for WebKit2.
Can we also do the same for WebKit1?

Comment 6 Alex Christensen 2019-09-09 18:08:20 PDT

Created attachment 378421 [details]
Patch

Comment 7 Alex Christensen 2019-09-09 18:39:31 PDT

http://trac.webkit.org/r249684

Comment 8 Radar WebKit Bug Importer 2019-09-09 18:40:19 PDT

<rdar://problem/55207423>

Comment 9 Alex Christensen 2019-09-09 20:44:41 PDT

Looking into iOS api test failures...

Comment 10 Alex Christensen 2019-09-09 21:30:53 PDT

http://trac.webkit.org/r249704