OLD | NEW |
---|---|
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
7829 Otherwise it may be set to one of the following values: "sslv3", "tls1", " tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex>< /ph> will not use SSL/TLS versions less than the specified version. An unrecogni zed value will be ignored. | 7829 Otherwise it may be set to one of the following values: "sslv3", "tls1", " tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex>< /ph> will not use SSL/TLS versions less than the specified version. An unrecogni zed value will be ignored. |
7830 | 7830 |
7831 Note that, despite the number, "sslv3" is an earlier version than "tls1".' '', | 7831 Note that, despite the number, "sslv3" is an earlier version than "tls1".' '', |
7832 }, | 7832 }, |
7833 { | 7833 { |
7834 'name': 'SSLVersionFallbackMin', | 7834 'name': 'SSLVersionFallbackMin', |
7835 'type': 'string-enum', | 7835 'type': 'string-enum', |
7836 'schema': { | 7836 'schema': { |
7837 'type': 'string', | 7837 'type': 'string', |
7838 'enum': [ | 7838 'enum': [ |
7839 'tls1', | |
7840 'tls1.1', | 7839 'tls1.1', |
7841 'tls1.2', | 7840 'tls1.2', |
7842 ], | 7841 ], |
7843 }, | 7842 }, |
7844 'items': [ | 7843 'items': [ |
7845 { | 7844 { |
7846 'name': 'TLSv1', | |
7847 'value': 'tls1', | |
7848 'caption': 'TLS 1.0', | |
7849 }, | |
7850 { | |
7851 'name': 'TLSv1.1', | 7845 'name': 'TLSv1.1', |
7852 'value': 'tls1.1', | 7846 'value': 'tls1.1', |
7853 'caption': 'TLS 1.1', | 7847 'caption': 'TLS 1.1', |
7854 }, | 7848 }, |
7855 { | 7849 { |
7856 'name': 'TLSv1.2', | 7850 'name': 'TLSv1.2', |
7857 'value': 'tls1.2', | 7851 'value': 'tls1.2', |
7858 'caption': 'TLS 1.2', | 7852 'caption': 'TLS 1.2', |
7859 }, | 7853 }, |
7860 ], | 7854 ], |
7861 'supported_on': [ | 7855 'supported_on': [ |
7862 'chrome.*:45-47', | 7856 'chrome.*:50-52', |
7863 'chrome_os:45-47', | 7857 'chrome_os:50-52', |
7864 'android:45-47', | 7858 'android:50-52', |
7865 'ios:45-47', | 7859 'ios:50-52', |
7866 ], | 7860 ], |
7867 'features': { | 7861 'features': { |
7868 'dynamic_refresh': True, | 7862 'dynamic_refresh': True, |
7869 'per_profile': False, | 7863 'per_profile': False, |
7870 }, | 7864 }, |
7871 'example_value': 'tls1.1', | 7865 'example_value': 'tls1.1', |
7872 'id': 280, | 7866 'id': 280, |
7873 'caption': '''Minimum TLS version to fallback to''', | 7867 'caption': '''Minimum TLS version to fallback to''', |
7874 'tags': [], | 7868 'tags': ['system-security'], |
7875 'desc': '''Warning: The TLS 1.0 version fallback will be removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 47 (around Janua ry 2016) and the "tls1" option will stop working then. | 7869 'desc': '''Warning: The TLS version fallback will be removed from <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then. |
7876 | 7870 |
7877 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> will retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly ( i.e. without breaking the connection) then this setting doesn't apply. Regardles s, the resulting connection must still comply with SSLVersionMin. | 7871 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> would previously retry the connection with a lesser version of TLS in or der to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't appl y. Regardless, the resulting connection must still comply with SSLVersionMin. |
7878 | 7872 |
7879 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="P RODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Not e this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME ">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot nego tiate versions correctly. | 7873 If this policy is not configured or if it set to "tls1.2" then <ph name="P RODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Not e this does not disable support for older TLS versions, only whether <ph name="P RODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly. |
Andrew T Wilson (Slow)
2016/02/24 16:02:29
nit: if it is set to
davidben
2016/02/24 18:15:41
Done.
| |
7880 | 7874 |
7881 Otherwise it may be set to one of the following values: "tls1", "tls1.1" o r "tls1.2". If compatibility with a buggy server must be maintained, this may be set to "tls1". This is a stopgap measure and the server should be rapidly fixed . | 7875 Otherwise, if compatibility with a buggy server must be maintained, it may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''', |
Andrew T Wilson (Slow)
2016/02/24 16:02:29
nit: it -> this policy
davidben
2016/02/24 18:15:41
Done.
| |
7882 | |
7883 A setting of "tls1.2" disables all fallback but this may have a significan t compatibility impact.''', | |
7884 }, | 7876 }, |
7885 { | 7877 { |
7886 'name': 'RC4Enabled', | 7878 'name': 'RC4Enabled', |
7887 'type': 'main', | 7879 'type': 'main', |
7888 'schema': { | 7880 'schema': { |
7889 'type': 'boolean', | 7881 'type': 'boolean', |
7890 }, | 7882 }, |
7891 'supported_on': [ | 7883 'supported_on': [ |
7892 'chrome.*:48-52', | 7884 'chrome.*:48-52', |
7893 'chrome_os:48-52', | 7885 'chrome_os:48-52', |
8343 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', | 8335 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', |
8344 'text': 'Default Settings (users can override)', | 8336 'text': 'Default Settings (users can override)', |
8345 }, | 8337 }, |
8346 'doc_complex_policies_on_windows': { | 8338 'doc_complex_policies_on_windows': { |
8347 'desc': '''Text pointing the user to a help article for complex policies o n Windows''', | 8339 'desc': '''Text pointing the user to a help article for complex policies o n Windows''', |
8348 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '', | 8340 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '', |
8349 }, | 8341 }, |
8350 }, | 8342 }, |
8351 'placeholders': [], | 8343 'placeholders': [], |
8352 } | 8344 } |
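Review bot: The rewritten `desc` for SSLVersionFallbackMin (new lines 7869-7875) does not say what happens on a client where the policy is still set to "tls1", the value this change drops from both `schema.enum` and `items`. The neighbouring SSLVersionMin text states "An unrecognized value will be ignored."; a matching sentence here, for example `A value of "tls1" is no longer recognized and is treated as if this policy were not set.`, would tell administrators that a stale setting results in no fallback rather than a TLS 1.0 fallback. That wording assumes the policy handler ignores out-of-enum values, which is not visible on this page and should be confirmed. Separately, `supported_on` moves from 45-47 to 50-52 under the same name and `id` 280, so the generated documentation will no longer record the earlier range; it is worth confirming that this is intended.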
OLD | NEW |