Index: net/ssl/ssl_cipher_suite_names.h |
diff --git a/net/ssl/ssl_cipher_suite_names.h b/net/ssl/ssl_cipher_suite_names.h |
index 5145fb24c5ee1393511b3c1ca0f5f40741a39349..f8cdd9b39dafd0492d230c2a1394138322c30a69 100644 |
--- a/net/ssl/ssl_cipher_suite_names.h |
+++ b/net/ssl/ssl_cipher_suite_names.h |
@@ -46,6 +46,13 @@ NET_EXPORT void SSLVersionToString(const char** name, int ssl_version); |
NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string, |
uint16* cipher_suite); |
+// |cipher_suite| is the IANA id for the cipher suite. What a "modern" |
+// cipher suite is arbitrarily determined here. The intent is to indicate what |
+// cipher suites meet modern security standards when backwards compatibility can |
+// be ignored. Notably, HTTP/2 requires/encourages this sort of validation of |
+// cipher suites: https://http2.github.io/http2-spec/#TLSUsage. |
+NET_EXPORT_PRIVATE bool IsModernTLSCipherSuite(uint16 cipher_suite); |
wtc
2014/05/21 21:51:10
1. Nit: it seems that this function should be rena
willchan no longer on Chromium
2014/05/21 22:55:22
I've renamed to IsSecureTLSCipherSuite and added t
|
+ |
} // namespace net |
#endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_ |