SSL/TLS


Starman

Jun 24, 2011, 11:42:22 AM
to Chromium-discuss
What does the Google Chrome Browser use for the SSL/TLS? I have been
reading in past forums that it uses NSS and is experimenting with OpenSSL?
What is it currently using right now in the most up-to-date web
browser version (12.0.742.100)? What is the name of the .dll file that is
used for the SSL/TLS?

PhistucK

Jun 24, 2011, 12:49:27 PM
to hore...@gmail.com, Chromium-discuss
I am pretty sure Chrome uses NSS (along with the operating system stack for cryptography/SChannel (Windows), I think, though really not sure) for this.
It is compiled right into chrome.dll.

PhistucK


Starman

Jun 24, 2011, 2:01:41 PM
to Chromium-discuss
Just FYI, I am interested in looking at Windows XP, not Linux OS.

Pavel Ivanov

Jun 24, 2011, 2:14:35 PM
to phis...@gmail.com, hore...@gmail.com, Chromium-discuss
> I am pretty sure Chrome uses NSS (along with the operating system stack for
> cryptography/SChannel (Windows), I think, though really not sure) for this.

I believe Chrome stopped using SChannel a long time ago. When it used
SChannel I couldn't load some sites: Chrome said that the certificate is
bad and Event Viewer showed errors from SChannel. Then after some new
major version was released (somewhere about 3 or 4) I stopped seeing
those errors and all sites were shown without problems (though there
still were problems in IE with the same link to SChannel).


Pavel

Ryan Sleevi

Jun 26, 2011, 5:17:29 AM
to Chromium-discuss, Pavel Ivanov, phis...@gmail.com, hore...@gmail.com
On Jun 24, 2:14 pm, Pavel Ivanov <paiv...@gmail.com> wrote:
> > I am pretty sure Chrome uses NSS (along with the operating system stack for
> > cryptography/SChannel (Windows), I think, though really not sure) for this.
>
> I believe Chrome stopped using SChannel a long time ago. When it used
> SChannel I couldn't load some sites: Chrome said that the certificate is
> bad and Event Viewer showed errors from SChannel. Then after some new
> major version was released (somewhere about 3 or 4) I stopped seeing
> those errors and all sites were shown without problems (though there
> still were problems in IE with the same link to SChannel).
>
> Pavel

PhistucK is correct - Chrome currently uses NSS across all supported
platforms to perform SSL/TLS by default. However, certificate
validation/PKI path building happens with the native APIs when
available - CryptoAPI on Windows and CDSA/CSSM/Security Framework/
Keychain Services on OS X. Given the lack of a system-native
cryptographic store on Linux, NSS is used for that as well.

There is still a command-line flag available on Windows and Mac that
can cause it to fall back to the system SSL/TLS stacks (SSPI/SChannel
on Windows, SecureTransport on OS X) in order to work around certain
issues with client certificates and smart cards, but these aren't
actively tested as part of the testing framework and may experience
regressions from time to time. The flag is also useful in the event
it's necessary to use certain country-specific cipher suites not yet
supported within Chromium.

The cryptographic stack is currently built into chrome.dll. I believe
there is experimental work going on to split some of this up into
its own DLL (both a net.dll and possibly an NSS/NSPR DLL).

If you're asking in order to make modifications, the first place to
begin is at [1]. This depends on NSS's libssl, which Chromium
maintains a modified version of at [2]. Additional parts of NSS, and
of NSPR, are either linked to directly from the system/distro if on
Linux, or are maintained (with modifications) at [3] in the case of OS
X/Windows.

You can find more information about the upstream version within the
README.chromium files in [2] and [3].

[1] http://codesearch.google.com/codesearch#OAMlx_jo-ck/src/net/socket/ssl_client_socket_nss.h
[2] http://codesearch.google.com/codesearch#OAMlx_jo-ck/src/net/third_party/nss/
[3] http://src.chromium.org/viewvc/chrome/trunk/deps/third_party/nss/