| Index: components/policy/resources/policy_templates.json
|
| diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
|
| index 7573cc26f68d8fd272f5f56bcf439ed95addff97..b626efa809c0eddb20130f5a285754fd6409bac8 100644
|
| --- a/components/policy/resources/policy_templates.json
|
| +++ b/components/policy/resources/policy_templates.json
|
| @@ -7836,18 +7836,12 @@
|
| 'schema': {
|
| 'type': 'string',
|
| 'enum': [
|
| - 'tls1',
|
| 'tls1.1',
|
| 'tls1.2',
|
| ],
|
| },
|
| 'items': [
|
| {
|
| - 'name': 'TLSv1',
|
| - 'value': 'tls1',
|
| - 'caption': 'TLS 1.0',
|
| - },
|
| - {
|
| 'name': 'TLSv1.1',
|
| 'value': 'tls1.1',
|
| 'caption': 'TLS 1.1',
|
| @@ -7859,10 +7853,10 @@
|
| },
|
| ],
|
| 'supported_on': [
|
| - 'chrome.*:45-47',
|
| - 'chrome_os:45-47',
|
| - 'android:45-47',
|
| - 'ios:45-47',
|
| + 'chrome.*:50-52',
|
| + 'chrome_os:50-52',
|
| + 'android:50-52',
|
| + 'ios:50-52',
|
| ],
|
| 'features': {
|
| 'dynamic_refresh': True,
|
| @@ -7871,16 +7865,14 @@
|
| 'example_value': 'tls1.1',
|
| 'id': 280,
|
| 'caption': '''Minimum TLS version to fallback to''',
|
| - 'tags': [],
|
| - 'desc': '''Warning: The TLS 1.0 version fallback will be removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 47 (around January 2016) and the "tls1" option will stop working then.
|
| -
|
| - When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
|
| + 'tags': ['system-security'],
|
| + 'desc': '''Warning: The TLS version fallback will be removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then.
|
|
|
| - If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Note this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly.
|
| + When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
|
|
|
| - Otherwise it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". If compatibility with a buggy server must be maintained, this may be set to "tls1". This is a stopgap measure and the server should be rapidly fixed.
|
| + If this policy is not configured or if it is set to "tls1.2" then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly.
|
|
|
| - A setting of "tls1.2" disables all fallback but this may have a significant compatibility impact.''',
|
| + Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''',
|
| },
|
| {
|
| 'name': 'RC4Enabled',
|
|
|
Chromium Code Reviews
Issue 1682623002:
Disable the TLS version fallback. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master