| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_SSL_SSL_CONFIG_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_H_ |
| 6 #define NET_SSL_SSL_CONFIG_H_ | 6 #define NET_SSL_SSL_CONFIG_H_ |
| 7 | 7 |
| 8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "net/base/net_export.h" | 10 #include "net/base/net_export.h" |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 SSL_PROTOCOL_VERSION_TLS1_1 = 0x0302, | 25 SSL_PROTOCOL_VERSION_TLS1_1 = 0x0302, |
| 26 SSL_PROTOCOL_VERSION_TLS1_2 = 0x0303, | 26 SSL_PROTOCOL_VERSION_TLS1_2 = 0x0303, |
| 27 }; | 27 }; |
| 28 | 28 |
| 29 // Default minimum protocol version. | 29 // Default minimum protocol version. |
| 30 NET_EXPORT extern const uint16 kDefaultSSLVersionMin; | 30 NET_EXPORT extern const uint16 kDefaultSSLVersionMin; |
| 31 | 31 |
| 32 // Default maximum protocol version. | 32 // Default maximum protocol version. |
| 33 NET_EXPORT extern const uint16 kDefaultSSLVersionMax; | 33 NET_EXPORT extern const uint16 kDefaultSSLVersionMax; |
| 34 | 34 |
| 35 // Default minimum protocol version that it's acceptable to fallback to. |
| 36 NET_EXPORT extern const uint16 kDefaultSSLVersionFallbackMin; |
| 37 |
| 35 // A collection of SSL-related configuration settings. | 38 // A collection of SSL-related configuration settings. |
| 36 struct NET_EXPORT SSLConfig { | 39 struct NET_EXPORT SSLConfig { |
| 37 // Default to revocation checking. | 40 // Default to revocation checking. |
| 38 // Default to SSL 3.0 ~ default_version_max() on. | 41 // Default to SSL 3.0 ~ default_version_max() on. |
| 39 SSLConfig(); | 42 SSLConfig(); |
| 40 ~SSLConfig(); | 43 ~SSLConfig(); |
| 41 | 44 |
| 42 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. | 45 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. |
| 43 // The expected cert status is written to |cert_status|. |*cert_status| can | 46 // The expected cert status is written to |cert_status|. |*cert_status| can |
| 44 // be NULL if user doesn't care about the cert status. | 47 // be NULL if user doesn't care about the cert status. |
| (...skipping 21 matching lines...) Expand all Loading... |
| 66 bool rev_checking_required_local_anchors; | 69 bool rev_checking_required_local_anchors; |
| 67 | 70 |
| 68 // The minimum and maximum protocol versions that are enabled. | 71 // The minimum and maximum protocol versions that are enabled. |
| 69 // SSL 3.0 is 0x0300, TLS 1.0 is 0x0301, TLS 1.1 is 0x0302, and so on. | 72 // SSL 3.0 is 0x0300, TLS 1.0 is 0x0301, TLS 1.1 is 0x0302, and so on. |
| 70 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) | 73 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) |
| 71 // SSL 2.0 is not supported. If version_max < version_min, it means no | 74 // SSL 2.0 is not supported. If version_max < version_min, it means no |
| 72 // protocol versions are enabled. | 75 // protocol versions are enabled. |
| 73 uint16 version_min; | 76 uint16 version_min; |
| 74 uint16 version_max; | 77 uint16 version_max; |
| 75 | 78 |
| 79 // version_fallback_min contains the minimum version that is acceptable to |
| 80 // fallback to. Versions before this may be tried to see whether they would |
| 81 // have succeeded and thus to give a better message to the user, but the |
| 82 // resulting connection won't be used in these cases. |
| 83 uint16 version_fallback_min; |
| 84 |
| 76 // Presorted list of cipher suites which should be explicitly prevented from | 85 // Presorted list of cipher suites which should be explicitly prevented from |
| 77 // being used in addition to those disabled by the net built-in policy. | 86 // being used in addition to those disabled by the net built-in policy. |
| 78 // | 87 // |
| 79 // By default, all cipher suites supported by the underlying SSL | 88 // By default, all cipher suites supported by the underlying SSL |
| 80 // implementation will be enabled except for: | 89 // implementation will be enabled except for: |
| 81 // - Null encryption cipher suites. | 90 // - Null encryption cipher suites. |
| 82 // - Weak cipher suites: < 80 bits of security strength. | 91 // - Weak cipher suites: < 80 bits of security strength. |
| 83 // - FORTEZZA cipher suites (obsolete). | 92 // - FORTEZZA cipher suites (obsolete). |
| 84 // - IDEA cipher suites (RFC 5469 explains why). | 93 // - IDEA cipher suites (RFC 5469 explains why). |
| 85 // - Anonymous cipher suites. | 94 // - Anonymous cipher suites. |
| (...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 147 // client's protocol sets, then the first protocol in this list will be | 156 // client's protocol sets, then the first protocol in this list will be |
| 148 // requested by the client. | 157 // requested by the client. |
| 149 std::vector<std::string> next_protos; | 158 std::vector<std::string> next_protos; |
| 150 | 159 |
| 151 scoped_refptr<X509Certificate> client_cert; | 160 scoped_refptr<X509Certificate> client_cert; |
| 152 }; | 161 }; |
| 153 | 162 |
| 154 } // namespace net | 163 } // namespace net |
| 155 | 164 |
| 156 #endif // NET_SSL_SSL_CONFIG_H_ | 165 #endif // NET_SSL_SSL_CONFIG_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 619463002:
net: disable SSLv3 fallback. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master