Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(364)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/ssl/ssl_cipher_suite_names.h

Issue 1727133002: Expose TLS settings in the Security panel overview, and call out individual obsolete settings. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Also check that connection_status is not zero, which is the case for 3 browser tests. Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « components/security_state/security_state_model_unittest.cc ('k') | net/ssl/ssl_cipher_suite_names.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ 5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ 6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
7 7
8 #include <stdint.h> 8 #include <stdint.h>
9 9
10 #include <string> 10 #include <string>
(...skipping 29 matching lines...) Expand all
40 // suites in this form will not return an error. 40 // suites in this form will not return an error.
41 // 41 //
42 // Returns true if the cipher suite was successfully parsed, storing the 42 // Returns true if the cipher suite was successfully parsed, storing the
43 // result in |cipher_suite|. 43 // result in |cipher_suite|.
44 // 44 //
45 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters 45 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters
46 // list. 46 // list.
47 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, 47 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string,
48 uint16_t* cipher_suite); 48 uint16_t* cipher_suite);
49 49
50 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" 50 // Mask definitions for an integer that holds obsolete SSL setting details.
51 // cipher suite is arbitrarily determined here. The intent is to indicate what 51 enum ObsoleteSSLMask {
52 // cipher suites meet modern security standards when backwards compatibility can 52 OBSOLETE_SSL_NONE = 0, // Modern SSL
53 // be ignored. 53 OBSOLETE_SSL_MASK_PROTOCOL = 1 << 0,
54 OBSOLETE_SSL_MASK_KEY_EXCHANGE = 1 << 1,
55 OBSOLETE_SSL_MASK_CIPHER = 1 << 2,
56 };
57
58 // Takes the given |connection_status| and returns a bitmask indicating which of
59 // the protocol, key exchange, and cipher suite do not meet modern best-practice
60 // security standards (when backwards compatibility can be ignored) - that is,
61 // which ones are "obsolete".
54 // 62 //
55 // Currently, this function follows these criteria: 63 // Currently, this function uses the following criteria to determine what is
56 // 1) Only uses ECDHE-based key exchanges authenticated by a certificate 64 // obsolete:
57 // 2) Only uses AEADs 65 //
58 NET_EXPORT bool IsSecureTLSCipherSuite(uint16_t cipher_suite); 66 // - Protocol: less than TLS 1.2
67 // - Key exchange: Does not use ECDHE-based key exchanges authenticated by a
68 // certificate
69 // - Cipher: not an AEAD cipher
70 NET_EXPORT int ObsoleteSSLStatus(int connection_status);
59 71
60 // Returns true if |cipher_suite| is suitable for use with HTTP/2. See 72 // Returns true if |cipher_suite| is suitable for use with HTTP/2. See
61 // https://http2.github.io/http2-spec/#rfc.section.9.2.2. 73 // https://http2.github.io/http2-spec/#rfc.section.9.2.2.
62 NET_EXPORT bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite); 74 NET_EXPORT bool IsTLSCipherSuiteAllowedByHTTP2(uint16_t cipher_suite);
63 75
64 // Returns the static curve name of |key_exchange_info| if the |cipher_suite| 76 // Returns the static curve name of |key_exchange_info| if the |cipher_suite|
65 // is an elliptic curve, and a name is known. Returns nullptr otherwise. 77 // is an elliptic curve, and a name is known. Returns nullptr otherwise.
66 // Only defined for OpenSSL, returns nullptr otherwise. 78 // Only defined for OpenSSL, returns nullptr otherwise.
67 NET_EXPORT const char* ECCurveName(uint16_t cipher_suite, 79 NET_EXPORT const char* ECCurveName(uint16_t cipher_suite,
68 int key_exchange_info); 80 int key_exchange_info);
69 81
70 } // namespace net 82 } // namespace net
71 83
72 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ 84 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
OLDNEW
« no previous file with comments | « components/security_state/security_state_model_unittest.cc ('k') | net/ssl/ssl_cipher_suite_names.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698