OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CONFIG_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_H_ |
6 #define NET_SSL_SSL_CONFIG_H_ | 6 #define NET_SSL_SSL_CONFIG_H_ |
7 | 7 |
8 #include "base/basictypes.h" | 8 #include "base/basictypes.h" |
9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
10 #include "net/base/net_export.h" | 10 #include "net/base/net_export.h" |
(...skipping 14 matching lines...) Expand all Loading... |
25 SSL_PROTOCOL_VERSION_TLS1_1 = 0x0302, | 25 SSL_PROTOCOL_VERSION_TLS1_1 = 0x0302, |
26 SSL_PROTOCOL_VERSION_TLS1_2 = 0x0303, | 26 SSL_PROTOCOL_VERSION_TLS1_2 = 0x0303, |
27 }; | 27 }; |
28 | 28 |
29 // Default minimum protocol version. | 29 // Default minimum protocol version. |
30 NET_EXPORT extern const uint16 kDefaultSSLVersionMin; | 30 NET_EXPORT extern const uint16 kDefaultSSLVersionMin; |
31 | 31 |
32 // Default maximum protocol version. | 32 // Default maximum protocol version. |
33 NET_EXPORT extern const uint16 kDefaultSSLVersionMax; | 33 NET_EXPORT extern const uint16 kDefaultSSLVersionMax; |
34 | 34 |
| 35 // Default minimum protocol version that it's acceptable to fallback to. |
| 36 NET_EXPORT extern const uint16 kDefaultSSLVersionFallbackMin; |
| 37 |
35 // A collection of SSL-related configuration settings. | 38 // A collection of SSL-related configuration settings. |
36 struct NET_EXPORT SSLConfig { | 39 struct NET_EXPORT SSLConfig { |
37 // Default to revocation checking. | 40 // Default to revocation checking. |
38 // Default to SSL 3.0 ~ default_version_max() on. | 41 // Default to SSL 3.0 ~ default_version_max() on. |
39 SSLConfig(); | 42 SSLConfig(); |
40 ~SSLConfig(); | 43 ~SSLConfig(); |
41 | 44 |
42 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. | 45 // Returns true if |cert| is one of the certs in |allowed_bad_certs|. |
43 // The expected cert status is written to |cert_status|. |*cert_status| can | 46 // The expected cert status is written to |cert_status|. |*cert_status| can |
44 // be NULL if user doesn't care about the cert status. | 47 // be NULL if user doesn't care about the cert status. |
(...skipping 21 matching lines...) Expand all Loading... |
66 bool rev_checking_required_local_anchors; | 69 bool rev_checking_required_local_anchors; |
67 | 70 |
68 // The minimum and maximum protocol versions that are enabled. | 71 // The minimum and maximum protocol versions that are enabled. |
69 // SSL 3.0 is 0x0300, TLS 1.0 is 0x0301, TLS 1.1 is 0x0302, and so on. | 72 // SSL 3.0 is 0x0300, TLS 1.0 is 0x0301, TLS 1.1 is 0x0302, and so on. |
70 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) | 73 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined above.) |
71 // SSL 2.0 is not supported. If version_max < version_min, it means no | 74 // SSL 2.0 is not supported. If version_max < version_min, it means no |
72 // protocol versions are enabled. | 75 // protocol versions are enabled. |
73 uint16 version_min; | 76 uint16 version_min; |
74 uint16 version_max; | 77 uint16 version_max; |
75 | 78 |
| 79 // version_fallback_min contains the minimum version that is acceptable to |
| 80 // fallback to. Versions before this may be tried to see whether they would |
| 81 // have succeeded and thus to give a better message to the user, but the |
| 82 // resulting connection won't be used in these cases. |
| 83 uint16 version_fallback_min; |
| 84 |
76 // Presorted list of cipher suites which should be explicitly prevented from | 85 // Presorted list of cipher suites which should be explicitly prevented from |
77 // being used in addition to those disabled by the net built-in policy. | 86 // being used in addition to those disabled by the net built-in policy. |
78 // | 87 // |
79 // By default, all cipher suites supported by the underlying SSL | 88 // By default, all cipher suites supported by the underlying SSL |
80 // implementation will be enabled except for: | 89 // implementation will be enabled except for: |
81 // - Null encryption cipher suites. | 90 // - Null encryption cipher suites. |
82 // - Weak cipher suites: < 80 bits of security strength. | 91 // - Weak cipher suites: < 80 bits of security strength. |
83 // - FORTEZZA cipher suites (obsolete). | 92 // - FORTEZZA cipher suites (obsolete). |
84 // - IDEA cipher suites (RFC 5469 explains why). | 93 // - IDEA cipher suites (RFC 5469 explains why). |
85 // - Anonymous cipher suites. | 94 // - Anonymous cipher suites. |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
147 // client's protocol sets, then the first protocol in this list will be | 156 // client's protocol sets, then the first protocol in this list will be |
148 // requested by the client. | 157 // requested by the client. |
149 std::vector<std::string> next_protos; | 158 std::vector<std::string> next_protos; |
150 | 159 |
151 scoped_refptr<X509Certificate> client_cert; | 160 scoped_refptr<X509Certificate> client_cert; |
152 }; | 161 }; |
153 | 162 |
154 } // namespace net | 163 } // namespace net |
155 | 164 |
156 #endif // NET_SSL_SSL_CONFIG_H_ | 165 #endif // NET_SSL_SSL_CONFIG_H_ |
OLD | NEW |