Bug 215424 - Fail preconnect requests to deprecated TLS instead of allowing application to show warning
Summary: Fail preconnect requests to deprecated TLS instead of allowing application to...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Alex Christensen
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-08-12 13:18 PDT by Alex Christensen
Modified: 2020-09-18 10:15 PDT (History)
3 users (show)

See Also:

Attachments
Patch (3.84 KB, patch)
2020-08-12 13:24 PDT, Alex Christensen 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alex Christensen 2020-08-12 13:18:13 PDT 
Fail preconnect requests to deprecated TLS instead of allowing application to show warning
Comment 1 Alex Christensen 2020-08-12 13:24:02 PDT 
Created attachment 406469 [details]
Patch
Comment 2 Alex Christensen 2020-08-12 13:42:57 PDT 
rdar://problem/66784116
Comment 3 Geoffrey Garen 2020-08-12 13:54:11 PDT 
Comment on attachment 406469 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=406469&action=review

r=me

> Source/WebKit/NetworkProcess/cocoa/NetworkSessionCocoa.mm:678
> +        if (negotiatedLegacyTLS == NegotiatedLegacyTLS::Yes && task._preconnect)
> +            return completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);

Seems like we should also check the TLS deprecation feature flag here?
Comment 4 Alex Christensen 2020-08-12 16:04:04 PDT 
Comment on attachment 406469 [details]
Patch

There isn't a clean feature flag for this, especially not in the network process.  We have systemAllowsLegacyTLSFor, but even if that returns true we want to block the preconnect handshake to fix this bug.
Comment 5 EWS 2020-08-12 16:06:24 PDT 
Committed r265573: <https://trac.webkit.org/changeset/265573>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 406469 [details].
Comment 6 Radar WebKit Bug Importer 2020-08-12 16:07:21 PDT 
<rdar://problem/66941740>
Comment 7 Alex Christensen 2020-08-24 19:48:50 PDT 
This made one API test flaky.  No idea why it didn't fail until almost two weeks later, but I investigated it and it's no problem.  Fixing it in bug 215791.
Comment 8 Alex Christensen 2020-09-18 10:15:41 PDT 
Another test needed updating in https://bugs.webkit.org/show_bug.cgi?id=216704