Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(237)

Side by Side Diff: components/policy/resources/policy_templates.json

Issue 2102783003: Add enterprise policy to exempt hosts from Certificate Transparency (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@enterprise_ct
Patch Set: Fully shutdown prefs Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
OLDNEW
1 { 1 {
2 # policy_templates.json - Metafile for policy templates 2 # policy_templates.json - Metafile for policy templates
3 # 3 #
4 # The content of this file is evaluated as a Python expression. 4 # The content of this file is evaluated as a Python expression.
5 # 5 #
6 # This file is used as input to generate the following policy templates: 6 # This file is used as input to generate the following policy templates:
7 # ADM, ADMX+ADML, MCX/plist and html documentation. 7 # ADM, ADMX+ADML, MCX/plist and html documentation.
8 # 8 #
9 # Policy templates are user interface definitions or documents about the 9 # Policy templates are user interface definitions or documents about the
10 # policies that can be used to configure Chrome. Each policy is a name-value 10 # policies that can be used to configure Chrome. Each policy is a name-value
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
130 # templates and documentation. The policy definition list that Chrome sees 130 # templates and documentation. The policy definition list that Chrome sees
131 # will include policies marked with 'future'. If a WIP policy isn't meant to 131 # will include policies marked with 'future'. If a WIP policy isn't meant to
132 # be seen by the policy providers either, the 'supported_on' key should be set 132 # be seen by the policy providers either, the 'supported_on' key should be set
133 # to an empty list. 133 # to an empty list.
134 # 134 #
135 # IDs: 135 # IDs:
136 # Since a Protocol Buffer definition is generated from this file, unique and 136 # Since a Protocol Buffer definition is generated from this file, unique and
137 # persistent IDs for all fields (but not for groups!) are needed. These are 137 # persistent IDs for all fields (but not for groups!) are needed. These are
138 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, 138 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs,
139 # because doing so would break the deployed wire format! 139 # because doing so would break the deployed wire format!
140 # For your editing convenience: highest ID currently used: 334 140 # For your editing convenience: highest ID currently used: 335
141 # 141 #
142 # Placeholders: 142 # Placeholders:
143 # The following placeholder strings are automatically substituted: 143 # The following placeholder strings are automatically substituted:
144 # $1 -> Google Chrome / Chromium 144 # $1 -> Google Chrome / Chromium
145 # $2 -> Google Chrome OS / Chromium OS 145 # $2 -> Google Chrome OS / Chromium OS
146 # $3 -> Google Chrome Frame / Chromium Frame 146 # $3 -> Google Chrome Frame / Chromium Frame
147 # $6 is reserved for doc_writer 147 # $6 is reserved for doc_writer
148 # 148 #
149 # Device Policy: 149 # Device Policy:
150 # An additional flag 'device_only' (optional, defaults to False) indicates 150 # An additional flag 'device_only' (optional, defaults to False) indicates
(...skipping 7771 matching lines...) Expand 10 before | Expand all | Expand 10 after
7922 'tags': ['system-security'], 7922 'tags': ['system-security'],
7923 'desc': '''Warning: The TLS version fallback will be removed from <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then. 7923 'desc': '''Warning: The TLS version fallback will be removed from <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then.
7924 7924
7925 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> would previously retry the connection with a lesser version of TLS in or der to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't appl y. Regardless, the resulting connection must still comply with SSLVersionMin. 7925 When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</e x></ph> would previously retry the connection with a lesser version of TLS in or der to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't appl y. Regardless, the resulting connection must still comply with SSLVersionMin.
7926 7926
7927 If this policy is not configured or if it is set to "tls1.2" then <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers whi ch cannot negotiate versions correctly. 7927 If this policy is not configured or if it is set to "tls1.2" then <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name ="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers whi ch cannot negotiate versions correctly.
7928 7928
7929 Otherwise, if compatibility with a buggy server must be maintained, this p olicy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''', 7929 Otherwise, if compatibility with a buggy server must be maintained, this p olicy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''',
7930 }, 7930 },
7931 { 7931 {
7932 'name': 'CertificateTransparencyEnforcementDisabledForUrls',
7933 'type': 'list',
7934 'schema': {
7935 'type': 'array',
7936 'items': { 'type': 'string' },
7937 },
7938 'supported_on': [
7939 'chrome.*:53-',
7940 'chrome_os:53-',
7941 'android:53-',
7942 ],
7943 'features': {
7944 'dynamic_refresh': True,
7945 'per_profile': False,
7946 },
7947 'example_value': ['example.com', '.example.com'],
7948 'id': 335,
7949 'caption': '''Disable Certificate Transparency enforcement for a list of U RLs''',
7950 'tags': ['system-security'],
7951 'desc': '''Disables enforcing Certificate Transparency requirements to the listed URLs.
7952
7953 This policy allows certificates for the hostnames in the specified URLs to not be disclosed via Certificate Transparency. This allows certificates that wo uld otherwise be untrusted, because they were not properly publicly disclosed, t o continue to be used, but makes it harder to detect misissued certificates for those hosts.
7954
7955 A URL pattern is formatted according to https://www.chromium.org/administr ators/url-blacklist-filter-format. However, because certificates are valid for a given hostname independent of the scheme, port, or path, only the hostname port ion of the URL is considered. Wildcard hosts are not supported.
7956
7957 If this policy is not set, any certificate that is required to be disclose d via Certificate Transparency will be treated as untrusted if it is not disclos ed according to the Certificate Transparency policy.''',
7958 },
7959 {
7932 'name': 'RC4Enabled', 7960 'name': 'RC4Enabled',
7933 'type': 'main', 7961 'type': 'main',
7934 'schema': { 7962 'schema': {
7935 'type': 'boolean', 7963 'type': 'boolean',
7936 }, 7964 },
7937 'supported_on': [ 7965 'supported_on': [
7938 'chrome.*:48-52', 7966 'chrome.*:48-52',
7939 'chrome_os:48-52', 7967 'chrome_os:48-52',
7940 'android:48-52', 7968 'android:48-52',
7941 'ios:48-52', 7969 'ios:48-52',
(...skipping 849 matching lines...) Expand 10 before | Expand all | Expand 10 after
8791 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', 8819 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''',
8792 'text': 'Default Settings (users can override)', 8820 'text': 'Default Settings (users can override)',
8793 }, 8821 },
8794 'doc_complex_policies_on_windows': { 8822 'doc_complex_policies_on_windows': {
8795 'desc': '''Text pointing the user to a help article for complex policies o n Windows''', 8823 'desc': '''Text pointing the user to a help article for complex policies o n Windows''',
8796 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '', 8824 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">https://www.chromium.org/administrators/complex-policies-on-windows<e x>https://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>' '',
8797 }, 8825 },
8798 }, 8826 },
8799 'placeholders': [], 8827 'placeholders': [],
8800 } 8828 }
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698