| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ | 6 #define NET_BASE_SSL_CONFIG_SERVICE_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 56 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 67 // Presorted list of cipher suites which should be explicitly prevented from | 67 // Presorted list of cipher suites which should be explicitly prevented from |
| 68 // being used in addition to those disabled by the net built-in policy. | 68 // being used in addition to those disabled by the net built-in policy. |
| 69 // | 69 // |
| 70 // By default, all cipher suites supported by the underlying SSL | 70 // By default, all cipher suites supported by the underlying SSL |
| 71 // implementation will be enabled except for: | 71 // implementation will be enabled except for: |
| 72 // - Null encryption cipher suites. | 72 // - Null encryption cipher suites. |
| 73 // - Weak cipher suites: < 80 bits of security strength. | 73 // - Weak cipher suites: < 80 bits of security strength. |
| 74 // - FORTEZZA cipher suites (obsolete). | 74 // - FORTEZZA cipher suites (obsolete). |
| 75 // - IDEA cipher suites (RFC 5469 explains why). | 75 // - IDEA cipher suites (RFC 5469 explains why). |
| 76 // - Anonymous cipher suites. | 76 // - Anonymous cipher suites. |
| 77 // - ECDSA cipher suites on platforms where certificate verification cannot |
| 78 // handle them. |
| 77 // The ciphers listed in |disabled_cipher_suites| will be removed in addition | 79 // The ciphers listed in |disabled_cipher_suites| will be removed in addition |
| 78 // to the above list. | 80 // to the above list. |
| 79 // | 81 // |
| 80 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in | 82 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in |
| 81 // big-endian form, they should be declared in host byte order, with the | 83 // big-endian form, they should be declared in host byte order, with the |
| 82 // first uint8 occupying the most significant byte. | 84 // first uint8 occupying the most significant byte. |
| 83 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 85 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
| 84 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 86 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
| 85 // | 87 // |
| 86 // Note: Not implemented when using Schannel/SSLClientSocketWin. | 88 // Note: Not implemented when using Schannel/SSLClientSocketWin. |
| (...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 201 void ProcessConfigUpdate(const SSLConfig& orig_config, | 203 void ProcessConfigUpdate(const SSLConfig& orig_config, |
| 202 const SSLConfig& new_config); | 204 const SSLConfig& new_config); |
| 203 | 205 |
| 204 private: | 206 private: |
| 205 ObserverList<Observer> observer_list_; | 207 ObserverList<Observer> observer_list_; |
| 206 }; | 208 }; |
| 207 | 209 |
| 208 } // namespace net | 210 } // namespace net |
| 209 | 211 |
| 210 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ | 212 #endif // NET_BASE_SSL_CONFIG_SERVICE_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 10830326:
net: disable ECDSA ciphersuites on platforms where we can't support it. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src