commit | 137991396d037ccdea106a1ec200e492f16d8e3d | |
---|---|---|
author | Harald Alvestrand <hta@webrtc.org> | Mon Mar 09 18:39:36 2020 |
committer | Commit Bot <commit-bot@chromium.org> | Mon Mar 09 19:23:44 2020 |
tree | 68bba4311d3dee91c73b7510a8c66f39cda3053d | |
parent | 30026214b13535a9fe1c47f1463378fbf976c643 |
Make a switch to disable DTLS 1.0, TLS 1.0 and TLS 1.1 downgrade in WebRTC.

This reverts commit af1f8655b2cb69af382396ea642eb0a2bf04bb4d

Landing the change with default set to "enabled" (DTLS 1.0
will continue to work by default), so that flipping the default
can be a separate CL.

Original change's description:
> Revert "Disable DTLS 1.0, TLS 1.0 and TLS 1.1 downgrade in WebRTC."
>
> This reverts commit 7276b974b78ea4f409d8738b1b6f1515f7a8968e.
>
> Reason for revert: Changing to a later Chrome release.
>
> Original change's description:
> > Disable DTLS 1.0, TLS 1.0 and TLS 1.1 downgrade in WebRTC.
> >
> > This change disables DTLS 1.0, TLS 1.0 and TLS 1.1 in WebRTC by default. This
> > is part of a larger effort at Google to remove old TLS protocols:
> > https://security.googleblog.com/2018/10/modernizing-transport-security.html
> >
> > For the M74 timeline I have added a disabled by default field trial
> > WebRTC-LegacyTlsProtocols which can be enabled to support these cipher suites
> > as consumers move away from these legacy cipher protocols but it will be off
> > in Chrome.
> >
> > This is compliant with the webrtc-security-arch specification which states:
> >
> > All Implementations MUST implement DTLS 1.2 with the
> > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
> > curve [FIPS186]. Earlier drafts of this specification required DTLS
> > 1.0 with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, and
> > at the time of this writing some implementations do not support DTLS
> > 1.2; endpoints which support only DTLS 1.2 might encounter
> > interoperability issues. The DTLS-SRTP protection profile
> > SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP.
> > Implementations MUST favor cipher suites which support (Perfect
> > Forward Secrecy) PFS over non-PFS cipher suites and SHOULD favor AEAD
> > over non-AEAD cipher suites.
> >
> > Bug: webrtc:10261
> > Change-Id: I847c567592911cc437f095376ad67585b4355fc0
> > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/125141
> > Commit-Queue: Benjamin Wright <benwright@webrtc.org>
> > Reviewed-by: David Benjamin <davidben@webrtc.org>
> > Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
> > Cr-Commit-Position: refs/heads/master@{#27006}
>
> TBR=steveanton@webrtc.org,davidben@webrtc.org,qingsi@webrtc.org,benwright@webrtc.org
>
> # Not skipping CQ checks because original CL landed > 1 day ago.
>
> Bug: webrtc:10261
> Change-Id: I34727e65c069e1fb2ad71838828ad0a22b5fe811
> Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/130367
> Commit-Queue: Benjamin Wright <benwright@webrtc.org>
> Reviewed-by: Benjamin Wright <benwright@webrtc.org>
> Cr-Commit-Position: refs/heads/master@{#27403}

Bug: webrtc:10261
Change-Id: I28c6819d37665976e396df280b4abf48fb91d533
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/169851
Commit-Queue: Harald Alvestrand <hta@webrtc.org>
Reviewed-by: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#30733}
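An added example, not part of this commit or of WebRTC's code: a small classifier that reads captured DTLS datagrams and reports whether a peer's ServerHello selected DTLS 1.0, which is how an operator could find endpoints that would stop interoperating once the legacy versions are switched off. The names `Verdict`, `ClassifyServerHello` and `MakeSample` are hypothetical, and the sample datagrams are constructed.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

enum class Verdict { kNotServerHello, kMalformed, kDtls10, kDtls12, kOther };

// Classifies a DTLS datagram by the server_version field of a plaintext
// ServerHello. The record-layer version is deliberately ignored.
Verdict ClassifyServerHello(const std::vector<uint8_t>& d) {
  constexpr size_t kRecHdr = 13;  // type, version(2), epoch(2), seq(6), len(2)
  constexpr size_t kHsHdr = 12;   // type, len(3), msg_seq(2), off(3), frag_len(3)
  if (d.size() < kRecHdr) return Verdict::kMalformed;
  // Only epoch-0 handshake records (content type 22) are readable plaintext.
  if (d[0] != 22 || d[3] != 0 || d[4] != 0) return Verdict::kNotServerHello;
  const size_t rec_len = (size_t{d[11]} << 8) | d[12];
  if (rec_len < kHsHdr || d.size() < kRecHdr + rec_len)
    return Verdict::kMalformed;
  const uint8_t* hs = d.data() + kRecHdr;
  // Type 3 (HelloVerifyRequest) may say DTLS 1.0 even when 1.2 is negotiated
  // later (RFC 6347, 4.2.1), so only type 2 (ServerHello) is classified.
  if (hs[0] != 2) return Verdict::kNotServerHello;
  const size_t frag_off = (size_t{hs[6]} << 16) | (size_t{hs[7]} << 8) | hs[8];
  const size_t frag_len = (size_t{hs[9]} << 16) | (size_t{hs[10]} << 8) | hs[11];
  if (frag_off != 0) return Verdict::kNotServerHello;  // version is in fragment 0
  if (frag_len < 2 || rec_len < kHsHdr + 2) return Verdict::kMalformed;
  const uint16_t version = static_cast<uint16_t>((hs[12] << 8) | hs[13]);
  if (version == 0xFEFF) return Verdict::kDtls10;  // legacy version
  if (version == 0xFEFD) return Verdict::kDtls12;
  return Verdict::kOther;
}

// Constructed sample: a minimal datagram holding one handshake message whose
// body is only the two version bytes (a real ServerHello carries more fields).
std::vector<uint8_t> MakeSample(uint16_t record_ver, uint8_t msg_type,
                                uint16_t body_ver) {
  return {22, uint8_t(record_ver >> 8), uint8_t(record_ver),
          0, 0,                // epoch 0
          0, 0, 0, 0, 0, 0,    // sequence number
          0, 14,               // record length = 12 + 2
          msg_type, 0, 0, 2,   // handshake type, body length = 2
          0, 0,                // message_seq
          0, 0, 0,             // fragment_offset
          0, 0, 2,             // fragment_length
          uint8_t(body_ver >> 8), uint8_t(body_ver)};
}

int main() {
  // Record layer says DTLS 1.0, ServerHello body says DTLS 1.2.
  return ClassifyServerHello(MakeSample(0xFEFF, 2, 0xFEFD)) == Verdict::kDtls12 ? 0 : 1;
}
```
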
WebRTC is a free, open software project that provides browsers and mobile applications with Real-Time Communications (RTC) capabilities via simple APIs. The WebRTC components have been optimized to best serve this purpose.
Our mission: To enable rich, high-quality RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.
The WebRTC initiative is a project supported by Google, Mozilla and Opera, amongst others.
See http://www.webrtc.org/native-code/development for instructions on how to get started developing with the native code.
Authoritative list of directories that contain the native API header files.