Index: components/policy/resources/policy_templates.json |
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json |
index 50a03e41f3f3fb7d3926166cea634f3780bfe3b6..59c2422057da7eb8c33a5291ea75cd44fdbbe4e0 100644 |
--- a/components/policy/resources/policy_templates.json |
+++ b/components/policy/resources/policy_templates.json |
@@ -137,7 +137,7 @@ |
# persistent IDs for all fields (but not for groups!) are needed. These are |
# specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, |
# because doing so would break the deployed wire format! |
-# For your editing convenience: highest ID currently used: 333 |
+# For your editing convenience: highest ID currently used: 334 |
# |
# Placeholders: |
# The following placeholder strings are automatically substituted: |
@@ -7946,6 +7946,32 @@ |
If the policy is not set, or is set to false, then RC4 cipher suites in TLS will not be enabled. Otherwise it may be set to true to retain compatibility with an outdated server. This is a stopgap measure and the server should be reconfigured.''', |
}, |
{ |
+ 'name': 'DHEEnabled', |
+ 'type': 'main', |
+ 'schema': { |
+ 'type': 'boolean', |
+ }, |
+ 'supported_on': [ |
+ 'chrome.*:53-57', |
+ 'chrome_os:53-57', |
+ 'android:53-57', |
+ 'ios:53-57', |
+ ], |
+ 'features': { |
+ 'dynamic_refresh': True, |
+ 'per_profile': False, |
+ }, |
+ 'example_value': False, |
+ 'id': 334, |
+ 'caption': '''Whether DHE cipher suites in TLS are enabled''', |
+ 'tags': ['system-security'], |
+ 'desc': '''Warning: DHE will be completely removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 57 (around March 2017) and this policy will stop working then. |
+ |
+ If the policy is not set, or is set to false, then DHE cipher suites in TLS will not be enabled. Otherwise it may be set to true to enable DHE cipher suites and retain compatibility with an outdated server. This is a stopgap measure and the server should be reconfigured. |
+ |
+ Servers are encouraged to migrated to ECDHE cipher suites. If these are unavailable, ensure a cipher suite using RSA key exchange is enabled.''', |
+ }, |
+ { |
'name': 'ContextualSearchEnabled', |
'type': 'main', |
'schema': { 'type': 'boolean' }, |