OLD | NEW |
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
(...skipping 7818 matching lines...)
7829 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. | 7829 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. |
7830 | 7830 |
7831 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', | 7831 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
7832 }, | 7832 }, |
7833 { | 7833 { |
7834 'name': 'SSLVersionFallbackMin', | 7834 'name': 'SSLVersionFallbackMin', |
7835 'type': 'string-enum', | 7835 'type': 'string-enum', |
7836 'schema': { | 7836 'schema': { |
7837 'type': 'string', | 7837 'type': 'string', |
7838 'enum': [ | 7838 'enum': [ |
7839 'tls1', | |
7840 'tls1.1', | 7839 'tls1.1', |
7841 'tls1.2', | 7840 'tls1.2', |
7842 ], | 7841 ], |
7843 }, | 7842 }, |
7844 'items': [ | 7843 'items': [ |
7845 { | 7844 { |
7846 'name': 'TLSv1', | |
7847 'value': 'tls1', | |
7848 'caption': 'TLS 1.0', | |
7849 }, | |
7850 { | |
7851 'name': 'TLSv1.1', | 7845 'name': 'TLSv1.1', |
7852 'value': 'tls1.1', | 7846 'value': 'tls1.1', |
7853 'caption': 'TLS 1.1', | 7847 'caption': 'TLS 1.1', |
7854 }, | 7848 }, |
7855 { | 7849 { |
7856 'name': 'TLSv1.2', | 7850 'name': 'TLSv1.2', |
7857 'value': 'tls1.2', | 7851 'value': 'tls1.2', |
7858 'caption': 'TLS 1.2', | 7852 'caption': 'TLS 1.2', |
7859 }, | 7853 }, |
7860 ], | 7854 ], |
7861 'supported_on': [ | 7855 'supported_on': [ |
7862 'chrome.*:45-47', | 7856 'chrome.*:50-52', |
7863 'chrome_os:45-47', | 7857 'chrome_os:50-52', |
7864 'android:45-47', | 7858 'android:50-52', |
7865 'ios:45-47', | 7859 'ios:50-52', |
7866 ], | 7860 ], |
7867 'features': { | 7861 'features': { |
7868 'dynamic_refresh': True, | 7862 'dynamic_refresh': True, |
7869 'per_profile': False, | 7863 'per_profile': False, |
7870 }, | 7864 }, |
7871 'example_value': 'tls1.1', | 7865 'example_value': 'tls1.1', |
7872 'id': 280, | 7866 'id': 280, |
7873 'caption': '''Minimum TLS version to fallback to''', | 7867 'caption': '''Minimum TLS version to fallback to''', |
7874 'tags': [], | 7868 'tags': ['system-security'], |
7875 'desc': '''Warning: The TLS 1.0 version fallback will be removed from <ph
name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 47 (around Janua
ry 2016) and the "tls1" option will stop working then. | 7869 'desc': '''Warning: The TLS version fallback will be removed from <ph name
="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September
2016) and this policy will stop working then. |
7876 | 7870 |
7877 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e
x></ph> will retry the connection with a lesser version of TLS in order to work
around bugs in HTTPS servers. This setting configures the version at which this
fallback process will stop. If a server performs version negotiation correctly (
i.e. without breaking the connection) then this setting doesn't apply. Regardles
s, the resulting connection must still comply with SSLVersionMin. | 7871 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e
x></ph> would previously retry the connection with a lesser version of TLS in or
der to work around bugs in HTTPS servers. This setting configures the version at
which this fallback process will stop. If a server performs version negotiation
correctly (i.e. without breaking the connection) then this setting doesn't appl
y. Regardless, the resulting connection must still comply with SSLVersionMin. |
7878 | 7872 |
7879 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="P
RODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Not
e this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME
">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot nego
tiate versions correctly. | 7873 If this policy is not configured or if it is set to "tls1.2" then <ph name
="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback.
Note this does not disable support for older TLS versions, only whether <ph name
="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers whi
ch cannot negotiate versions correctly. |
7880 | 7874 |
7881 Otherwise it may be set to one of the following values: "tls1", "tls1.1" o
r "tls1.2". If compatibility with a buggy server must be maintained, this may be
set to "tls1". This is a stopgap measure and the server should be rapidly fixed
. | 7875 Otherwise, if compatibility with a buggy server must be maintained, this p
olicy may be set to "tls1.1". This is a stopgap measure and the server should be
rapidly fixed.''', |
7882 | |
7883 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact.''', | |
7884 }, | 7876 }, |
7885 { | 7877 { |
7886 'name': 'RC4Enabled', | 7878 'name': 'RC4Enabled', |
7887 'type': 'main', | 7879 'type': 'main', |
7888 'schema': { | 7880 'schema': { |
7889 'type': 'boolean', | 7881 'type': 'boolean', |
7890 }, | 7882 }, |
7891 'supported_on': [ | 7883 'supported_on': [ |
7892 'chrome.*:48-52', | 7884 'chrome.*:48-52', |
7893 'chrome_os:48-52', | 7885 'chrome_os:48-52', |
(...skipping 470 matching lines...)
8364 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', | 8356 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', |
8365 'text': 'Default Settings (users can override)', | 8357 'text': 'Default Settings (users can override)', |
8366 }, | 8358 }, |
8367 'doc_complex_policies_on_windows': { | 8359 'doc_complex_policies_on_windows': { |
8368 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', | 8360 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', |
8369 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e
x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'
'', | 8361 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e
x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'
'', |
8370 }, | 8362 }, |
8371 }, | 8363 }, |
8372 'placeholders': [], | 8364 'placeholders': [], |
8373 } | 8365 } |
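Review bot: The new `desc` of SSLVersionFallbackMin (new lines 7869-7875) does not say what happens to a deployment that still has the policy set to "tls1", the value this change removes from `enum` and `items`. The neighbouring SSLVersionMin description states "An unrecognized value will be ignored"; if the same holds here, a leftover "tls1" would silently switch the fallback off for the server it was configured for. Once that behaviour is confirmed against the policy handler, I would add a sentence after the "tls1.1" paragraph such as `A value of "tls1" is no longer recognized and is treated as if the policy were not configured.` The text could also say why "tls1.1" is only a stopgap: as described, the retry follows any failed handshake and the policy is not scoped to a host, so the lower version can end up being used with servers other than the buggy one.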
OLD | NEW |