OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CONFIG_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_H_ |
6 #define NET_SSL_SSL_CONFIG_H_ | 6 #define NET_SSL_SSL_CONFIG_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
94 // Presorted list of cipher suites which should be explicitly prevented from | 94 // Presorted list of cipher suites which should be explicitly prevented from |
95 // being used in addition to those disabled by the net built-in policy. | 95 // being used in addition to those disabled by the net built-in policy. |
96 // | 96 // |
97 // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in | 97 // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in |
98 // big-endian form, they should be declared in host byte order, with the | 98 // big-endian form, they should be declared in host byte order, with the |
99 // first uint8_t occupying the most significant byte. | 99 // first uint8_t occupying the most significant byte. |
100 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 100 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
101 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 101 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
102 std::vector<uint16_t> disabled_cipher_suites; | 102 std::vector<uint16_t> disabled_cipher_suites; |
103 | 103 |
104 // Enables deprecated cipher suites. These cipher suites are selected under a | |
105 // fallback to distinguish servers which require them from servers which | |
106 // merely prefer them. | |
107 // | |
108 // NOTE: because they are under a fallback, connections are still vulnerable | |
109 // to them as far as downgrades are concerned, so this should only be used for | |
110 // measurement of ciphers not to be carried long-term. It is no fix for | |
111 // servers with bad configurations without full removal. | |
112 // | |
113 // TODO(davidben): This is no longer used. Remove | |
114 // it. https://crbug.com/684730. | |
115 bool deprecated_cipher_suites_enabled; | |
116 | |
117 // Enables the version interference probing mode. While TLS 1.3 has avoided | 104 // Enables the version interference probing mode. While TLS 1.3 has avoided |
118 // most endpoint intolerance, middlebox interference with TLS 1.3 is | 105 // most endpoint intolerance, middlebox interference with TLS 1.3 is |
119 // rampant. This causes the connection to be discarded on success with | 106 // rampant. This causes the connection to be discarded on success with |
120 // ERR_SSL_VERSION_INTERFERENCE. | 107 // ERR_SSL_VERSION_INTERFERENCE. |
121 bool version_interference_probe; | 108 bool version_interference_probe; |
122 | 109 |
123 bool channel_id_enabled; // True if TLS channel ID extension is enabled. | 110 bool channel_id_enabled; // True if TLS channel ID extension is enabled. |
124 | 111 |
125 // List of Token Binding key parameters supported by the client. If empty, | 112 // List of Token Binding key parameters supported by the client. If empty, |
126 // Token Binding will be disabled, even if token_binding_enabled is true. | 113 // Token Binding will be disabled, even if token_binding_enabled is true. |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
177 // The list of application-level protocols to enable renegotiation for. | 164 // The list of application-level protocols to enable renegotiation for. |
178 NextProtoVector renego_allowed_for_protos; | 165 NextProtoVector renego_allowed_for_protos; |
179 | 166 |
180 scoped_refptr<X509Certificate> client_cert; | 167 scoped_refptr<X509Certificate> client_cert; |
181 scoped_refptr<SSLPrivateKey> client_private_key; | 168 scoped_refptr<SSLPrivateKey> client_private_key; |
182 }; | 169 }; |
183 | 170 |
184 } // namespace net | 171 } // namespace net |
185 | 172 |
186 #endif // NET_SSL_SSL_CONFIG_H_ | 173 #endif // NET_SSL_SSL_CONFIG_H_ |
OLD | NEW |