PSM: Show protocol version in cipherName

2018-07-11 23:41:23 +08:00 · 2018-07-11 23:41:23 +08:00 · a4e283f567
parent a572ea8ca3
commit a4e283f567
3 changed files with 37 additions and 3 deletions
--- a/security/manager/pki/resources/content/PageInfoOverlay.xul
+++ b/security/manager/pki/resources/content/PageInfoOverlay.xul
@ -100,11 +100,26 @@

          issuerName = this.mapIssuerOrganization(cert.issuerOrganization);
          if (!issuerName) issuerName = cert.issuerName;
-        
+
+          var protocolVersion = " (unknown)";
+          switch(status.protocolVersion) {
+            case 0:
+              protocolVersion = " (SSL3)";
+              break;
+            case 1:
+              protocolVersion = " (TLS1.0)";
+              break;
+            case 2:
+              protocolVersion = " (TLS1.1)";
+              break;
+            case 3:
+              protocolVersion = " (TLS1.2)";
+              break;
+          }
          return {
            hostName : hName,
            cAName : issuerName,
-            encryptionAlgorithm : status.cipherName,
+            encryptionAlgorithm : status.cipherName+protocolVersion,
            encryptionStrength : status.secretKeyLength,
            isBroken : isBroken,
            cert : cert
--- a/security/manager/ssl/public/nsISSLStatus.idl
+++ b/security/manager/ssl/public/nsISSLStatus.idl
@ -47,4 +47,5 @@ interface nsISSLStatus : nsISupports {
  readonly attribute string cipherName;
  readonly attribute unsigned long keyLength;
  readonly attribute unsigned long secretKeyLength;
+  readonly attribute unsigned long protocolVersion;
 };
--- a/security/manager/ssl/src/nsNSSCallbacks.cpp
+++ b/security/manager/ssl/src/nsNSSCallbacks.cpp
@ -659,6 +659,7 @@ public:
  nsCOMPtr<nsIX509Cert> mServerCert;
  PRUint32 mKeyLength;
  PRUint32 mSecretKeyLength;
+  PRUint32 mProtocolVersion;
  nsXPIDLCString mCipherName;
 };

@ -693,6 +694,16 @@ nsSSLStatus::GetSecretKeyLength(PRUint32* _result)
  return NS_OK;
 }

+NS_IMETHODIMP
+nsSSLStatus::GetProtocolVersion(PRUint32* _result)
+{
+  NS_ASSERTION(_result, "non-NULL destination required");
+
+  *_result = mProtocolVersion;
+
+  return NS_OK;
+}
+
 NS_IMETHODIMP
 nsSSLStatus::GetCipherName(char** _result)
 {
@ -704,7 +715,7 @@ nsSSLStatus::GetCipherName(char** _result)
 }

 nsSSLStatus::nsSSLStatus()
-: mKeyLength(0), mSecretKeyLength(0)
+: mKeyLength(0), mSecretKeyLength(0), mProtocolVersion(0)
 {
 }

@ -867,6 +878,13 @@ void PR_CALLBACK HandshakeCallback(PRFileDesc* fd, void* client_data) {
    status->mSecretKeyLength = encryptBits;
    status->mCipherName.Adopt(cipherName);

+    SSLChannelInfo channelInfo;
+    if (SSL_GetChannelInfo(fd, &channelInfo, sizeof(channelInfo)) == SECSuccess) {
+      // Get the protocol version
+      // 0=ssl3, 1=tls1, 2=tls1.1, 3=tls1.2
+      status->mProtocolVersion = channelInfo.protocolVersion & 0xFF;
+    }
+
    infoObject->SetSSLStatus(status);
  }