OLD | NEW |
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
(...skipping 7795 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7806 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. | 7806 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. |
7807 | 7807 |
7808 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', | 7808 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
7809 }, | 7809 }, |
7810 { | 7810 { |
7811 'name': 'SSLVersionFallbackMin', | 7811 'name': 'SSLVersionFallbackMin', |
7812 'type': 'string-enum', | 7812 'type': 'string-enum', |
7813 'schema': { | 7813 'schema': { |
7814 'type': 'string', | 7814 'type': 'string', |
7815 'enum': [ | 7815 'enum': [ |
7816 'tls1', | |
7817 'tls1.1', | 7816 'tls1.1', |
7818 'tls1.2', | 7817 'tls1.2', |
7819 ], | 7818 ], |
7820 }, | 7819 }, |
7821 'items': [ | 7820 'items': [ |
7822 { | 7821 { |
7823 'name': 'TLSv1', | |
7824 'value': 'tls1', | |
7825 'caption': 'TLS 1.0', | |
7826 }, | |
7827 { | |
7828 'name': 'TLSv1.1', | 7822 'name': 'TLSv1.1', |
7829 'value': 'tls1.1', | 7823 'value': 'tls1.1', |
7830 'caption': 'TLS 1.1', | 7824 'caption': 'TLS 1.1', |
7831 }, | 7825 }, |
7832 { | 7826 { |
7833 'name': 'TLSv1.2', | 7827 'name': 'TLSv1.2', |
7834 'value': 'tls1.2', | 7828 'value': 'tls1.2', |
7835 'caption': 'TLS 1.2', | 7829 'caption': 'TLS 1.2', |
7836 }, | 7830 }, |
7837 ], | 7831 ], |
7838 'supported_on': [ | 7832 'supported_on': [ |
7839 'chrome.*:45-47', | 7833 'chrome.*:50-52', |
7840 'chrome_os:45-47', | 7834 'chrome_os:50-52', |
7841 'android:45-47', | 7835 'android:50-52', |
7842 'ios:45-47', | 7836 'ios:50-52', |
7843 ], | 7837 ], |
7844 'features': { | 7838 'features': { |
7845 'dynamic_refresh': True, | 7839 'dynamic_refresh': True, |
7846 'per_profile': False, | 7840 'per_profile': False, |
7847 }, | 7841 }, |
7848 'example_value': 'tls1.1', | 7842 'example_value': 'tls1.1', |
7849 'id': 280, | 7843 'id': 280, |
7850 'caption': '''Minimum TLS version to fallback to''', | 7844 'caption': '''Minimum TLS version to fallback to''', |
7851 'tags': [], | 7845 'tags': ['system-security'], |
7852 'desc': '''Warning: The TLS 1.0 version fallback will be removed from <ph
name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 47 (around Janua
ry 2016) and the "tls1" option will stop working then. | 7846 'desc': '''Warning: The TLS version fallback will be removed from <ph name
="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September
2016) and this policy will stop working then. |
7853 | 7847 |
7854 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e
x></ph> will retry the connection with a lesser version of TLS in order to work
around bugs in HTTPS servers. This setting configures the version at which this
fallback process will stop. If a server performs version negotiation correctly (
i.e. without breaking the connection) then this setting doesn't apply. Regardles
s, the resulting connection must still comply with SSLVersionMin. | 7848 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e
x></ph> would previously retry the connection with a lesser version of TLS in or
der to work around bugs in HTTPS servers. This setting configures the version at
which this fallback process will stop. If a server performs version negotiation
correctly (i.e. without breaking the connection) then this setting doesn't appl
y. Regardless, the resulting connection must still comply with SSLVersionMin. |
7855 | 7849 |
7856 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="P
RODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Not
e this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME
">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot nego
tiate versions correctly. | 7850 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> no longer performs this fallback. Note this does not disable s
upport for older TLS versions, only whether <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> will work around buggy servers which cannot negotiate versions
correctly. |
7857 | 7851 |
7858 Otherwise it may be set to one of the following values: "tls1", "tls1.1" o
r "tls1.2". If compatibility with a buggy server must be maintained, this may be
set to "tls1". This is a stopgap measure and the server should be rapidly fixed
. | 7852 Otherwise it may be set to one of the following values: "tls1.1" or "tls1.
2". If compatibility with a buggy server must be maintained, this may be set to
"tls1.1". This is a stopgap measure and the server should be rapidly fixed.''', |
7859 | |
7860 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact.''', | |
7861 }, | 7853 }, |
7862 { | 7854 { |
7863 'name': 'RC4Enabled', | 7855 'name': 'RC4Enabled', |
7864 'type': 'main', | 7856 'type': 'main', |
7865 'schema': { | 7857 'schema': { |
7866 'type': 'boolean', | 7858 'type': 'boolean', |
7867 }, | 7859 }, |
7868 'supported_on': [ | 7860 'supported_on': [ |
7869 'chrome.*:48-52', | 7861 'chrome.*:48-52', |
7870 'chrome_os:48-52', | 7862 'chrome_os:48-52', |
(...skipping 406 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
8277 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', | 8269 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', |
8278 'text': 'Default Settings (users can override)', | 8270 'text': 'Default Settings (users can override)', |
8279 }, | 8271 }, |
8280 'doc_complex_policies_on_windows': { | 8272 'doc_complex_policies_on_windows': { |
8281 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', | 8273 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', |
8282 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e
x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'
'', | 8274 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e
x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'
'', |
8283 }, | 8275 }, |
8284 }, | 8276 }, |
8285 'placeholders': [], | 8277 'placeholders': [], |
8286 } | 8278 } |
OLD | NEW |