webrtc

26238 commits 2 branches 91 tags 415 MiB

Author	SHA1	Message	Date
Benjamin Wright	7276b974b7	Disable DTLS 1.0, TLS 1.0 and TLS 1.1 downgrade in WebRTC. This change disables DTLS 1.0, TLS 1.0 and TLS 1.1 in WebRTC by default. This is part of a larger effort at Google to remove old TLS protocols: https://security.googleblog.com/2018/10/modernizing-transport-security.html For the M74 timeline I have added a disabled by default field trial WebRTC-LegacyTlsProtocols which can be enabled to support these cipher suites as consumers move away from these legacy cipher protocols but it will be off in Chrome. This is compliant with the webrtc-security-arch specification which states: All Implementations MUST implement DTLS 1.2 with the TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256 curve [FIPS186]. Earlier drafts of this specification required DTLS 1.0 with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, and at the time of this writing some implementations do not support DTLS 1.2; endpoints which support only DTLS 1.2 might encounter interoperability issues. The DTLS-SRTP protection profile SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP. Implementations MUST favor cipher suites which support (Perfect Forward Secrecy) PFS over non-PFS cipher suites and SHOULD favor AEAD over non-AEAD cipher suites. Bug: webrtc:10261 Change-Id: I847c567592911cc437f095376ad67585b4355fc0 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/125141 Commit-Queue: Benjamin Wright <benwright@webrtc.org> Reviewed-by: David Benjamin <davidben@webrtc.org> Reviewed-by: Qingsi Wang <qingsi@webrtc.org> Cr-Commit-Position: refs/heads/master@{#27006}	2019-03-06 20:44:41 +00:00
Steve Anton	10542f21c8	(4) Rename files to snake_case: update BUILD.gn, include paths, header guards, and DEPS entries Mechanically generated by running this command: tools_webrtc/do-renames.sh update all-renames.txt && git cl format Then manually updating: tools_webrtc/sanitizers/tsan_suppressions_webrtc.cc Bug: webrtc:10159 No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: I54824cd91dada8fc3ee3d098f971bc319d477833 Reviewed-on: https://webrtc-review.googlesource.com/c/115653 Reviewed-by: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#26226}	2019-01-11 17:11:39 +00:00
Steve Anton	1c05765831	(3) Rename files to snake_case: move the files Mechanically generated with this command: tools_webrtc/do-rename.sh move all-renames.txt Bug: webrtc:10159 No-Presubmit: true No-Tree-Checks: true No-Try: true Change-Id: I8b05b6eab9b9d18b29c2199bbea239e9add1e690 Reviewed-on: https://webrtc-review.googlesource.com/c/115481 Reviewed-by: Karl Wiberg <kwiberg@webrtc.org> Cr-Commit-Position: refs/heads/master@{#26225}	2019-01-11 17:05:20 +00:00

Author

SHA1

Message

Date

Benjamin Wright

7276b974b7

Disable DTLS 1.0, TLS 1.0 and TLS 1.1 downgrade in WebRTC.

This change disables DTLS 1.0, TLS 1.0 and TLS 1.1 in WebRTC by default. This
is part of a larger effort at Google to remove old TLS protocols:
https://security.googleblog.com/2018/10/modernizing-transport-security.html

For the M74 timeline I have added a disabled by default field trial
WebRTC-LegacyTlsProtocols which can be enabled to support these cipher suites
as consumers move away from these legacy cipher protocols but it will be off
in Chrome.

This is compliant with the webrtc-security-arch specification which states:

   All Implementations MUST implement DTLS 1.2 with the
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite and the P-256
   curve [FIPS186].  Earlier drafts of this specification required DTLS
   1.0 with the cipher suite TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, and
   at the time of this writing some implementations do not support DTLS
   1.2; endpoints which support only DTLS 1.2 might encounter
   interoperability issues.  The DTLS-SRTP protection profile
   SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP.
   Implementations MUST favor cipher suites which support (Perfect
   Forward Secrecy) PFS over non-PFS cipher suites and SHOULD favor AEAD
   over non-AEAD cipher suites.

Bug: webrtc:10261
Change-Id: I847c567592911cc437f095376ad67585b4355fc0
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/125141
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: David Benjamin <davidben@webrtc.org>
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#27006}

2019-03-06 20:44:41 +00:00

Steve Anton

10542f21c8

(4) Rename files to snake_case: update BUILD.gn, include paths, header guards, and DEPS entries

Mechanically generated by running this command:

tools_webrtc/do-renames.sh update all-renames.txt && git cl format

Then manually updating:

tools_webrtc/sanitizers/tsan_suppressions_webrtc.cc

Bug: webrtc:10159
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I54824cd91dada8fc3ee3d098f971bc319d477833
Reviewed-on: https://webrtc-review.googlesource.com/c/115653
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#26226}

2019-01-11 17:11:39 +00:00

Steve Anton

1c05765831

(3) Rename files to snake_case: move the files

Mechanically generated with this command:

tools_webrtc/do-rename.sh move all-renames.txt

Bug: webrtc:10159
No-Presubmit: true
No-Tree-Checks: true
No-Try: true
Change-Id: I8b05b6eab9b9d18b29c2199bbea239e9add1e690
Reviewed-on: https://webrtc-review.googlesource.com/c/115481
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#26225}

2019-01-11 17:05:20 +00:00

Renamed from rtc_base/opensslstreamadapter.h (Browse further)

3 commits