Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(123)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_config.h

Issue 1422293002: Remove RC4 by default. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_config.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SSL_SSL_CONFIG_H_ 5 #ifndef NET_SSL_SSL_CONFIG_H_
6 #define NET_SSL_SSL_CONFIG_H_ 6 #define NET_SSL_SSL_CONFIG_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include "base/memory/ref_counted.h" 10 #include "base/memory/ref_counted.h"
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after
102 // The ciphers listed in |disabled_cipher_suites| will be removed in addition 102 // The ciphers listed in |disabled_cipher_suites| will be removed in addition
103 // to the above list. 103 // to the above list.
104 // 104 //
105 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in 105 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in
106 // big-endian form, they should be declared in host byte order, with the 106 // big-endian form, they should be declared in host byte order, with the
107 // first uint8 occupying the most significant byte. 107 // first uint8 occupying the most significant byte.
108 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to 108 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
109 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. 109 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
110 std::vector<uint16> disabled_cipher_suites; 110 std::vector<uint16> disabled_cipher_suites;
111 111
112 // Enables deprecated cipher suites. Currently, RC4 is deprecated. 112 // Enables deprecated cipher suites. These cipher suites are selected under a
113 bool enable_deprecated_cipher_suites; 113 // fallback to distinguish servers which require them from servers which
114 // merely prefer them.
115 //
116 // NOTE: because they are under a fallback, connections are still vulnerable
117 // to them as far as downgrades are concerned, so this should only be used for
118 // measurement of ciphers not to be carried long-term. It is no fix for
119 // servers with bad configurations without full removal.
120 bool deprecated_cipher_suites_enabled;
121
122 // Enables RC4 cipher suites.
123 bool rc4_enabled;
114 124
115 bool channel_id_enabled; // True if TLS channel ID extension is enabled. 125 bool channel_id_enabled; // True if TLS channel ID extension is enabled.
116 bool false_start_enabled; // True if we'll use TLS False Start. 126 bool false_start_enabled; // True if we'll use TLS False Start.
117 // True if the Certificate Transparency signed_certificate_timestamp 127 // True if the Certificate Transparency signed_certificate_timestamp
118 // TLS extension is enabled. 128 // TLS extension is enabled.
119 bool signed_cert_timestamps_enabled; 129 bool signed_cert_timestamps_enabled;
120 130
121 // If true, causes only ECDHE cipher suites to be enabled. 131 // If true, causes only ECDHE cipher suites to be enabled.
122 bool require_ecdhe; 132 bool require_ecdhe;
123 133
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after
175 185
176 // The list of application-level protocols to enable renegotiation for. 186 // The list of application-level protocols to enable renegotiation for.
177 NextProtoVector renego_allowed_for_protos; 187 NextProtoVector renego_allowed_for_protos;
178 188
179 scoped_refptr<X509Certificate> client_cert; 189 scoped_refptr<X509Certificate> client_cert;
180 }; 190 };
181 191
182 } // namespace net 192 } // namespace net
183 193
184 #endif // NET_SSL_SSL_CONFIG_H_ 194 #endif // NET_SSL_SSL_CONFIG_H_
OLDNEW
« no previous file with comments | « net/socket/ssl_client_socket_unittest.cc ('k') | net/ssl/ssl_config.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698