OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 5 #ifndef NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 6 #define NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 28 matching lines...) |
39 // suites in this form will not return an error. | 39 // suites in this form will not return an error. |
40 // | 40 // |
41 // Returns true if the cipher suite was successfully parsed, storing the | 41 // Returns true if the cipher suite was successfully parsed, storing the |
42 // result in |cipher_suite|. | 42 // result in |cipher_suite|. |
43 // | 43 // |
44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters | 44 // TODO(rsleevi): Support the full strings defined in the IANA TLS parameters |
45 // list. | 45 // list. |
46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, | 46 NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, |
47 uint16* cipher_suite); | 47 uint16* cipher_suite); |
48 | 48 |
| 49 // |cipher_suite| is the IANA id for the cipher suite. What a "secure" |
| 50 // cipher suite is arbitrarily determined here. The intent is to indicate what |
| 51 // cipher suites meet modern security standards when backwards compatibility can |
| 52 // be ignored. Notably, HTTP/2 requires/encourages this sort of validation of |
| 53 // cipher suites: https://http2.github.io/http2-spec/#TLSUsage. |
| 54 // |
| 55 // Currently, this function follows these criteria: |
| 56 // 1) Only uses forward secure key exchanges |
| 57 // 2) Only uses AEADs |
| 58 NET_EXPORT_PRIVATE bool IsSecureTLSCipherSuite(uint16 cipher_suite); |
| 59 |
49 } // namespace net | 60 } // namespace net |
50 | 61 |
51 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ | 62 #endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |
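Review bot: The new comment on IsSecureTLSCipherSuite (new lines 49-58) does not say what the function returns for a |cipher_suite| id it does not recognise, and a predicate that callers will use as a security gate should state that contract and fail closed. I would add `// Returns false for any cipher suite id that is unknown or cannot be classified.` after the criteria list, assuming that is what the implementation (not shown on this page) does. The two listed criteria cover only what the 16-bit id encodes, so the negotiated protocol version and the strength of the key-exchange parameters are outside this check; a line such as `// Callers must validate protocol version and key sizes separately.` would keep "secure" from being read more broadly than intended. The phrase "arbitrarily determined" also reads as if the policy were unprincipled, and "determined by the criteria below" would say the same thing more precisely.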