1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
42 // result in |cipher_suite|. | 42 // result in |cipher_suite|. |
43 // | 43 // |
44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters | 44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters |
45 // list. | 45 // list. |
46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, | 46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, |
47 uint16* cipher_suite); | 47 uint16* cipher_suite); |
48 | 48 |
49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" | 49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" |
50 // cipher suite is arbitrarily determined here. The intent is to indicate what | 50 // cipher suite is arbitrarily determined here. The intent is to indicate what |
51 // cipher suites meet modern security standards when backwards compatibility can | 51 // cipher suites meet modern security standards when backwards compatibility can |
52 // be ignored. Notably, HTTP/2 requires/encourages this sort of validation of | 52 // be ignored. |
53 // cipher suites: https://http2.github.io/http2-spec/#TLSUsage. | |
54 // | 53 // |
55 // Currently, this function follows these criteria: | 54 // Currently, this function follows these criteria: |
56 // 1) Only uses forward secure key exchanges | 55 // 1) Only uses ECDHE-based key exchanges authenticated by a certificate |
57 // 2) Only uses AEADs | 56 // 2) Only uses AEADs |
58 NET_EXPORT bool IsSecureTLSCipherSuite(uint16 cipher_suite); | 57 NET_EXPORT bool IsSecureTLSCipherSuite(uint16 cipher_suite); |
59 | 58 |
60 // Returns true if |cipher_suite| is suitable for use with False Start. | 59 // Returns true if |cipher_suite| is suitable for use with HTTP/2. See |
61 NET_EXPORT bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite); | 60 // https://http2.github.io/http2-spec/#rfc.section.9.2.2. |
| 61 NET_EXPORT bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite); |
62 | 62 |
63 // Returns the static curve name of |key_exchange_info| if the |cipher_suite| | 63 // Returns the static curve name of |key_exchange_info| if the |cipher_suite| |
64 // is an elliptic curve, and a name is known. Returns nullptr otherwise. | 64 // is an elliptic curve, and a name is known. Returns nullptr otherwise. |
65 // Only defined for OpenSSL, returns nullptr otherwise. | 65 // Only defined for OpenSSL, returns nullptr otherwise. |
66 NET_EXPORT const char* ECCurveName(uint16 cipher_suite, int key_exchange_info); | 66 NET_EXPORT const char* ECCurveName(uint16 cipher_suite, int key_exchange_info); |
67 | 67 |
68 } // namespace net | 68 } // namespace net |
69 | 69 |
70 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 70 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
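Review bot: The comment on the new IsTLSCipherSuiteAllowedByHTTP2 declaration (NEW lines 59-61) cites the spec section but does not say how its result relates to IsSecureTLSCipherSuite directly above it, nor what it returns for a cipher suite id the implementation does not recognize; a caller using it to gate HTTP/2 negotiation needs the unknown-id case to be fail-closed. Suggest adding `// Cipher suite ids not known to this implementation are reported as not allowed.` after the spec link, once confirmed against the .cc implementation, which is outside this page. The reworded criterion 1 on IsSecureTLSCipherSuite (NEW line 55) would likewise be clearer if it stated what "authenticated by a certificate" is meant to rule out, e.g. `// 1) Only uses ECDHE key exchanges authenticated by a certificate (no anonymous or PSK-based suites)`, presumably the intended reading. The same unknown-id note applies to IsSecureTLSCipherSuite, whose comment currently only lists positive criteria.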