Allow disabling post-quantum key agreement in TLS

klzgrad 2024-05-05 00:51:53 +08:00
parent ab660be90a
commit a08c4d354e
4 changed files with 26 additions and 0 deletions


@ -97,3 +97,7 @@ Options:
--ssl-key-log-file=<path>
Saves SSL keys for Wireshark inspection.
--no-post-quantum
Overrides the default and disables post-quantum key agreement.


@ -192,6 +192,10 @@ bool NaiveConfig::Parse(const base::Value::Dict& value) {
}
}
if (const base::Value* v = value.Find("no-post-quantum")) {
no_post_quantum = true;
}
return true;
}
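Review bot: The new `no-post-quantum` branch in NaiveConfig::Parse sets the flag whenever the key is present and never reads `v`, so a config file containing `"no-post-quantum": false` still turns post-quantum key agreement off. Because this option weakens the TLS key exchange, the stored value should be honoured, for example `no_post_quantum = v->GetIfBool().value_or(true);`, which keeps a bare flag meaning true while an explicit false stays false. How command-line switches reach this dict is not visible here, so confirm the value type they arrive with. Parse begins outside the hunk.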


@ -54,6 +54,8 @@ struct NaiveConfig {
base::FilePath ssl_key_log_file;
std::optional<bool> no_post_quantum;
NaiveConfig();
NaiveConfig(const NaiveConfig&);
~NaiveConfig();
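Review bot: `no_post_quantum` is declared as `std::optional<bool>` with no comment saying what the unset state means, while the rest of the change only ever compares it with true. A comment above the field would remove the guesswork, such as `// Unset or false: keep the default TLS key agreement; true: disable post-quantum.` The struct continues outside the hunk.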


@ -212,6 +212,21 @@ std::unique_ptr<URLRequestContext> BuildURLRequestContext(
config.extra_headers,
std::vector<PaddingType>{PaddingType::kVariant1, PaddingType::kNone}));
if (config.no_post_quantum == true) {
struct NoPostQuantum : public SSLConfigService {
SSLContextConfig GetSSLContextConfig() override {
SSLContextConfig config;
config.post_quantum_override = false;
return config;
}
bool CanShareConnectionWithClientCerts(std::string_view) const override {
return false;
}
};
builder.set_ssl_config_service(std::make_unique<NoPostQuantum>());
}
auto context = builder.Build();
if (!config.proxy_url.empty() && !config.proxy_user.empty() &&
@ -358,6 +373,7 @@ int main(int argc, char* argv[]) {
"--log[=<path>] Log to stderr, or file\n"
"--log-net-log=<path> Save NetLog\n"
"--ssl-key-log-file=<path> Save SSL keys for Wireshark\n"
"--no-post-quantum No post-quantum key agreement\n"
<< std::endl;
exit(EXIT_SUCCESS);
}
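Review bot: Nothing is logged when the `config.no_post_quantum == true` branch in BuildURLRequestContext installs the NoPostQuantum service, so a process running with the weaker key agreement looks the same in the logs as a default one. A line such as `LOG(WARNING) << "Post-quantum key agreement disabled";` inside that branch would make the downgrade visible to operators, assuming the logging macros are already in scope in this file. Separately, the local `SSLContextConfig config;` in GetSSLContextConfig reuses the name of the enclosing function's `config`, which reads ambiguously; `ssl_config` would be clearer. Both BuildURLRequestContext and main extend beyond the hunks shown.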