Index: net/ssl/ssl_cipher_suite_names.h |
diff --git a/net/ssl/ssl_cipher_suite_names.h b/net/ssl/ssl_cipher_suite_names.h |
index 207dbfbb8ed632757f340501b8097bbbf0d87e96..186af7138d2c525a61219f9d3a440120960403f9 100644 |
--- a/net/ssl/ssl_cipher_suite_names.h |
+++ b/net/ssl/ssl_cipher_suite_names.h |
@@ -49,16 +49,16 @@ NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, |
// |cipher_suite| is the IANA id for the cipher suite. What a "secure" |
// cipher suite is arbitrarily determined here. The intent is to indicate what |
// cipher suites meet modern security standards when backwards compatibility can |
-// be ignored. Notably, HTTP/2 requires/encourages this sort of validation of |
-// cipher suites: https://http2.github.io/http2-spec/#TLSUsage. |
+// be ignored. |
// |
// Currently, this function follows these criteria: |
-// 1) Only uses forward secure key exchanges |
+// 1) Only uses ECDHE-based key exchanges authenticated by a certificate |
// 2) Only uses AEADs |
NET_EXPORT bool IsSecureTLSCipherSuite(uint16 cipher_suite); |
-// Returns true if |cipher_suite| is suitable for use with False Start. |
-NET_EXPORT bool IsFalseStartableTLSCipherSuite(uint16 cipher_suite); |
+// Returns true if |cipher_suite| is suitable for use with HTTP/2. See |
+// https://http2.github.io/http2-spec/#rfc.section.9.2.2. |
+NET_EXPORT bool IsTLSCipherSuiteAllowedByHTTP2(uint16 cipher_suite); |
// Returns the static curve name of |key_exchange_info| if the |cipher_suite| |
// is an elliptic curve, and a name is known. Returns nullptr otherwise. |