Chromium Code Reviews Chromium Code Reviews
Issue 14125003:
Do not roll back to SSL 3.0 for Google properties. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ |
| 6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ | 6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 84 // big-endian form, they should be declared in host byte order, with the | 84 // big-endian form, they should be declared in host byte order, with the |
| 85 // first uint8 occupying the most significant byte. | 85 // first uint8 occupying the most significant byte. |
| 86 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 86 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
| 87 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 87 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
| 88 std::vector<uint16> disabled_cipher_suites; | 88 std::vector<uint16> disabled_cipher_suites; |
| 89 | 89 |
| 90 bool cached_info_enabled; // True if TLS cached info extension is enabled. | 90 bool cached_info_enabled; // True if TLS cached info extension is enabled. |
| 91 bool channel_id_enabled; // True if TLS channel ID extension is enabled. | 91 bool channel_id_enabled; // True if TLS channel ID extension is enabled. |
| 92 bool false_start_enabled; // True if we'll use TLS False Start. | 92 bool false_start_enabled; // True if we'll use TLS False Start. |
| 93 | 93 |
| 94 // If |ssl3_fallback_enabled| is false and the request is sent to a site | |
| 95 // pinned to the Google pin list (indicating that it is a Google site), | |
| 96 // SSL 3.0 fallback will be disabled. | |
| 97 // If |ssl3_fallback_enabled| is true, SSL 3.0 fallback will be enabled | |
| 98 // for all sites. | |
|
wtc
2013/04/18 18:15:34
I suggest describing the "true" case before the "f
| |
| 99 bool ssl3_fallback_enabled; | |
|
wtc
2013/04/18 18:15:34
NOTE: I still think this member name is confusing.
| |
| 100 | |
| 94 // TODO(wtc): move the following members to a new SSLParams structure. They | 101 // TODO(wtc): move the following members to a new SSLParams structure. They |
| 95 // are not SSL configuration settings. | 102 // are not SSL configuration settings. |
| 96 | 103 |
| 97 struct NET_EXPORT CertAndStatus { | 104 struct NET_EXPORT CertAndStatus { |
| 98 CertAndStatus(); | 105 CertAndStatus(); |
| 99 ~CertAndStatus(); | 106 ~CertAndStatus(); |
| 100 | 107 |
| 101 std::string der_cert; | 108 std::string der_cert; |
| 102 CertStatus cert_status; | 109 CertStatus cert_status; |
| 103 }; | 110 }; |
| (...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 205 void ProcessConfigUpdate(const SSLConfig& orig_config, | 212 void ProcessConfigUpdate(const SSLConfig& orig_config, |
| 206 const SSLConfig& new_config); | 213 const SSLConfig& new_config); |
| 207 | 214 |
| 208 private: | 215 private: |
| 209 ObserverList<Observer> observer_list_; | 216 ObserverList<Observer> observer_list_; |
| 210 }; | 217 }; |
| 211 | 218 |
| 212 } // namespace net | 219 } // namespace net |
| 213 | 220 |
| 214 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ | 221 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ |
| OLD | NEW |
