Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(608)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/policy/resources/policy_templates.json

Issue 1422293002: Remove RC4 by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | components/ssl_config/ssl_config_prefs.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 { 1 {
2 # policy_templates.json - Metafile for policy templates 2 # policy_templates.json - Metafile for policy templates
3 # 3 #
4 # The content of this file is evaluated as a Python expression. 4 # The content of this file is evaluated as a Python expression.
5 # 5 #
6 # This file is used as input to generate the following policy templates: 6 # This file is used as input to generate the following policy templates:
7 # ADM, ADMX+ADML, MCX/plist and html documentation. 7 # ADM, ADMX+ADML, MCX/plist and html documentation.
8 # 8 #
9 # Policy templates are user interface definitions or documents about the 9 # Policy templates are user interface definitions or documents about the
10 # policies that can be used to configure Chrome. Each policy is a name-value 10 # policies that can be used to configure Chrome. Each policy is a name-value
(...skipping 116 matching lines...) Expand 10 before | Expand all | Expand 10 after
127 # templates and documentation. The policy definition list that Chrome sees 127 # templates and documentation. The policy definition list that Chrome sees
128 # will include policies marked with 'future'. If a WIP policy isn't meant to 128 # will include policies marked with 'future'. If a WIP policy isn't meant to
129 # be seen by the policy providers either, the 'supported_on' key should be set 129 # be seen by the policy providers either, the 'supported_on' key should be set
130 # to an empty list. 130 # to an empty list.
131 # 131 #
132 # IDs: 132 # IDs:
133 # Since a Protocol Buffer definition is generated from this file, unique and 133 # Since a Protocol Buffer definition is generated from this file, unique and
134 # persistent IDs for all fields (but not for groups!) are needed. These are 134 # persistent IDs for all fields (but not for groups!) are needed. These are
135 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, 135 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
136 # because doing so would break the deployed wire format! 136 # because doing so would break the deployed wire format!
137 # For your editing convenience: highest ID currently used: 309 137 # For your editing convenience: highest ID currently used: 310
138 # 138 #
139 # Placeholders: 139 # Placeholders:
140 # The following placeholder strings are automatically substituted: 140 # The following placeholder strings are automatically substituted:
141 # $1 -> Google Chrome / Chromium 141 # $1 -> Google Chrome / Chromium
142 # $2 -> Google Chrome OS / Chromium OS 142 # $2 -> Google Chrome OS / Chromium OS
143 # $3 -> Google Chrome Frame / Chromium Frame 143 # $3 -> Google Chrome Frame / Chromium Frame
144 # $6 is reserved for doc_writer 144 # $6 is reserved for doc_writer
145 # 145 #
146 # Device Policy: 146 # Device Policy:
147 # An additional flag 'device_only' (optional, defaults to False) indicates 147 # An additional flag 'device_only' (optional, defaults to False) indicates
(...skipping 7602 matching lines...) Expand 10 before | Expand all | Expand 10 after
7750 7750
7751 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> will retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly ( i.e. without breaking the connection) then this setting doesn't apply. Regardles s, the resulting connection must still comply with SSLVersionMin. 7751 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> will retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly ( i.e. without breaking the connection) then this setting doesn't apply. Regardles s, the resulting connection must still comply with SSLVersionMin.
7752 7752
7753 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="P RODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Not e this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME ">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot nego tiate versions correctly. 7753 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="P RODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Not e this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME ">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot nego tiate versions correctly.
7754 7754
7755 Otherwise it may be set to one of the following values: "tls1", "tls1.1" o r "tls1.2". If compatibility with a buggy server must be maintained, this may be set to "tls1". This is a stopgap measure and the server should be rapidly fixed . 7755 Otherwise it may be set to one of the following values: "tls1", "tls1.1" o r "tls1.2". If compatibility with a buggy server must be maintained, this may be set to "tls1". This is a stopgap measure and the server should be rapidly fixed .
7756 7756
7757 A setting of "tls1.2" disables all fallback but this may have a significan t compatibility impact.''', 7757 A setting of "tls1.2" disables all fallback but this may have a significan t compatibility impact.''',
7758 }, 7758 },
7759 { 7759 {
7760 'name': 'RC4Enabled',
7761 'type': 'main',
7762 'schema': {
7763 'type': 'boolean',
7764 },
7765 'supported_on': [
7766 'chrome.*:48-52',
7767 'chrome_os:48-52',
7768 'android:48-52',
7769 'ios:48-52',
7770 ],
7771 'features': {
7772 'dynamic_refresh': True,
7773 'per_profile': False,
7774 },
7775 'example_value': False,
7776 'id': 310,
7777 'caption': '''Whether RC4 cipher suites in TLS are enabled''',
7778 'tags': ['system-security'],
7779 'desc': '''Warning: RC4 will be completely removed from <ph name="PRODUCT_ NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then.
7780
7781 If the policy is not set, or is set to false, then RC4 cipher suites in TL S will not be enabled. Otherwise it may be set to true to retain compatibility w ith an outdated server. This is a stopgap measure and the server should be recon figured.''',
7782 },
7783 {
7760 'name': 'ContextualSearchEnabled', 7784 'name': 'ContextualSearchEnabled',
7761 'type': 'main', 7785 'type': 'main',
7762 'schema': { 'type': 'boolean' }, 7786 'schema': { 'type': 'boolean' },
7763 'supported_on': [ 7787 'supported_on': [
7764 'android:40-', 7788 'android:40-',
7765 ], 7789 ],
7766 'features': { 7790 'features': {
7767 'dynamic_refresh': True, 7791 'dynamic_refresh': True,
7768 'per_profile': True, 7792 'per_profile': True,
7769 }, 7793 },
(...skipping 324 matching lines...) Expand 10 before | Expand all | Expand 10 after
8094 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', 8118 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''',
8095 'text': 'Default Settings (users can override)', 8119 'text': 'Default Settings (users can override)',
8096 }, 8120 },
8097 'doc_complex_policies_on_windows': { 8121 'doc_complex_policies_on_windows': {
8098 'desc': '''Text pointing the user to a help article for complex policies o n Windows''', 8122 'desc': '''Text pointing the user to a help article for complex policies o n Windows''',
8099 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '', 8123 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '',
8100 }, 8124 },
8101 }, 8125 },
8102 'placeholders': [], 8126 'placeholders': [],
8103 } 8127 }
OLDNEW
« no previous file with comments | « chrome/test/data/policy/policy_test_cases.json ('k') | components/ssl_config/ssl_config_prefs.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698