Add API to allow legacy TLS protocols.

Bug: webrtc:10261 Change-Id: I87aeb36b8c8a08b5406516bf15bf22261e4916ed NOKEYCHECK: true Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/185052 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Guido Urdaneta <guidou@webrtc.org> Cr-Commit-Position: refs/heads/master@{#32213}
2020-09-25 16:00:51 +02:00
parent cdcfab0a52
commit 14bba6e1c3
3 changed files with 67 additions and 2 deletions
--- a/rtc_base/ssl_stream_adapter_unittest.cc
+++ b/rtc_base/ssl_stream_adapter_unittest.cc
@ -21,6 +21,7 @@
 #include "rtc_base/memory/fifo_buffer.h"
 #include "rtc_base/memory_stream.h"
 #include "rtc_base/message_digest.h"
+#include "rtc_base/openssl_stream_adapter.h"
 #include "rtc_base/ssl_adapter.h"
 #include "rtc_base/ssl_identity.h"
 #include "rtc_base/ssl_stream_adapter.h"
@ -1630,3 +1631,44 @@ TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
  SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
  TestHandshake(false);
 }
+
+// Both client and server have legacy TLS versions enabled and support DTLS 1.0.
+// This should work.
+TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
+       TestGetSslVersionLegacyOverrideEnabledClient10Server10) {
+  rtc::SetAllowLegacyTLSProtocols(true);
+  ConfigureClient("");
+  ConfigureServer("");
+  // Remove override.
+  rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
+  SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
+  TestHandshake();
+}
+
+// Client has legacy TLS disabled and server has legacy TLS enabled via
+// override. Handshake for DTLS 1.0 should fail.
+TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
+       TestGetSslVersionLegacyOverrideDisabledClient10EnabledServer10) {
+  rtc::SetAllowLegacyTLSProtocols(false);
+  ConfigureClient("");
+  rtc::SetAllowLegacyTLSProtocols(true);
+  ConfigureServer("");
+  // Remove override.
+  rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
+  SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
+  TestHandshake(false);
+}
+
+// Client has legacy TLS enabled and server has legacy TLS disabled via
+// override. Handshake for DTLS 1.0 should fail.
+TEST_F(SSLStreamAdapterTestDTLSLegacyProtocols,
+       TestGetSslVersionLegacyOverrideEnabledClient10DisabledServer10) {
+  rtc::SetAllowLegacyTLSProtocols(true);
+  ConfigureClient("");
+  rtc::SetAllowLegacyTLSProtocols(false);
+  ConfigureServer("");
+  // Remove override.
+  rtc::SetAllowLegacyTLSProtocols(absl::nullopt);
+  SetupProtocolVersions(rtc::SSL_PROTOCOL_DTLS_10, rtc::SSL_PROTOCOL_DTLS_10);
+  TestHandshake(false);
+}