| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
| 6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 42 // result in |cipher_suite|. | 42 // result in |cipher_suite|. |
| 43 // | 43 // |
| 44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters | 44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters |
| 45 // list. | 45 // list. |
| 46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, | 46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, |
| 47 uint16* cipher_suite); | 47 uint16* cipher_suite); |
| 48 | 48 |
| 49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" | 49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" |
| 50 // cipher suite is arbitrarily determined here. The intent is to indicate what | 50 // cipher suite is arbitrarily determined here. The intent is to indicate what |
| 51 // cipher suites meet modern security standards when backwards compatibility can | 51 // cipher suites meet modern security standards when backwards compatibility can |
| 52 // be ignored. Notably, HTTP/2 requires/encourages this sort of validation of | 52 // be ignored. |
| 53 // cipher suites: https://http2.github.io/http2-spec/#TLSUsage. | |
| 54 // | 53 // |
| 55 // Currently, this function follows these criteria: | 54 // Currently, this function follows these criteria: |
| 56 // 1) Only uses forward secure key exchanges | 55 // 1) Only uses ECDHE-based key exchanges authenticated by a certificate |
| 57 // 2) Only uses AEADs | 56 // 2) Only uses AEADs |
| 58 NET_EXPORT bool IsSecureTLSCipherSuite(uint16 cipher_suite); | 57 NET_EXPORT bool IsSecureTLSCipherSuite(uint16 cipher_suite); |
| 59 | 58 |
| 60 // Returns true if |cipher_suite| is suitable for use with False Start. | 59 // Returns true if |cipher_suite| is suitable for use with HTTP/2. See |
| 61 NET_EXPORT bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite); | 60 // https://http2.github.io/http2-spec/#rfc.section.9.2.2. |
| 61 NET_EXPORT bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite); |
| 62 | 62 |
| 63 // Returns the static curve name of |key_exchange_info| if the |cipher_suite| | 63 // Returns the static curve name of |key_exchange_info| if the |cipher_suite| |
| 64 // is an elliptic curve, and a name is known. Returns nullptr otherwise. | 64 // is an elliptic curve, and a name is known. Returns nullptr otherwise. |
| 65 // Only defined for OpenSSL, returns nullptr otherwise. | 65 // Only defined for OpenSSL, returns nullptr otherwise. |
| 66 NET_EXPORT const char* ECCurveName(uint16 cipher_suite, int key_exchange_info); | 66 NET_EXPORT const char* ECCurveName(uint16 cipher_suite, int key_exchange_info); |
| 67 | 67 |
| 68 } // namespace net | 68 } // namespace net |
| 69 | 69 |
| 70 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 70 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1405383003:
IsSecureTLSCipherSuite should not classify DHE_RSA as secure. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master