OLD | NEW |
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
116 # templates and documentation. The policy definition list that Chrome sees | 116 # templates and documentation. The policy definition list that Chrome sees |
117 # will include policies marked with 'future'. If a WIP policy isn't meant to | 117 # will include policies marked with 'future'. If a WIP policy isn't meant to |
118 # be seen by the policy providers either, the 'supported_on' key should be set | 118 # be seen by the policy providers either, the 'supported_on' key should be set |
119 # to an empty list. | 119 # to an empty list. |
120 # | 120 # |
121 # IDs: | 121 # IDs: |
122 # Since a Protocol Buffer definition is generated from this file, unique and | 122 # Since a Protocol Buffer definition is generated from this file, unique and |
123 # persistent IDs for all fields (but not for groups!) are needed. These are | 123 # persistent IDs for all fields (but not for groups!) are needed. These are |
124 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, | 124 # specified by the 'id' keys of each policy. NEVER CHANGE EXISTING IDs, |
125 # because doing so would break the deployed wire format! | 125 # because doing so would break the deployed wire format! |
126 # For your editing convenience: highest ID currently used: 279 | 126 # For your editing convenience: highest ID currently used: 280 |
127 # | 127 # |
128 # Placeholders: | 128 # Placeholders: |
129 # The following placeholder strings are automatically substituted: | 129 # The following placeholder strings are automatically substituted: |
130 # $1 -> Google Chrome / Chromium | 130 # $1 -> Google Chrome / Chromium |
131 # $2 -> Google Chrome OS / Chromium OS | 131 # $2 -> Google Chrome OS / Chromium OS |
132 # $3 -> Google Chrome Frame / Chromium Frame | 132 # $3 -> Google Chrome Frame / Chromium Frame |
133 # $6 is reserved for doc_writer | 133 # $6 is reserved for doc_writer |
134 # | 134 # |
135 # Device Policy: | 135 # Device Policy: |
136 # An additional flag device_only (optional, defaults to False) indicates | 136 # An additional flag device_only (optional, defaults to False) indicates |
(...skipping 6700 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6837 }, | 6837 }, |
6838 'example_value': 'ssl3', | 6838 'example_value': 'ssl3', |
6839 'id': 279, | 6839 'id': 279, |
6840 'caption': '''Minimum SSL version enabled''', | 6840 'caption': '''Minimum SSL version enabled''', |
6841 'desc': '''If this policy is not configured then <ph name="PRODUCT_NAME">$
1<ex>Google Chrome</ex></ph> will use a default minimum version, which is SSLv3
in Chrome 39 but may be TLS 1.0 in Chrome 40. | 6841 'desc': '''If this policy is not configured then <ph name="PRODUCT_NAME">$
1<ex>Google Chrome</ex></ph> will use a default minimum version, which is SSLv3
in Chrome 39 but may be TLS 1.0 in Chrome 40. |
6842 | 6842 |
6843 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. | 6843 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. |
6844 | 6844 |
6845 Note that, despite the number, "sslv3" is an earier version than "tls1".''
', | 6845 Note that, despite the number, "sslv3" is an earier version than "tls1".''
', |
6846 }, | 6846 }, |
| 6847 { |
| 6848 'name': 'SSLVersionFallbackMin', |
| 6849 'type': 'string-enum', |
| 6850 'schema': { |
| 6851 'type': 'string', |
| 6852 'enum': [ |
| 6853 'ssl3', |
| 6854 'tls1', |
| 6855 'tls1.1', |
| 6856 'tls1.2', |
| 6857 ], |
| 6858 }, |
| 6859 'items': [ |
| 6860 { |
| 6861 'name': 'SSLv3', |
| 6862 'value': 'ssl3', |
| 6863 'caption': 'SSL 3.0', |
| 6864 }, |
| 6865 { |
| 6866 'name': 'TLSv1', |
| 6867 'value': 'tls1', |
| 6868 'caption': 'TLS 1.0', |
| 6869 }, |
| 6870 { |
| 6871 'name': 'TLSv1.1', |
| 6872 'value': 'tls1.1', |
| 6873 'caption': 'TLS 1.1', |
| 6874 }, |
| 6875 { |
| 6876 'name': 'TLSv1.2', |
| 6877 'value': 'tls1.2', |
| 6878 'caption': 'TLS 1.2', |
| 6879 }, |
| 6880 ], |
| 6881 'supported_on': [ |
| 6882 'chrome.*:39-', |
| 6883 'chrome_os:39-', |
| 6884 'android:39-', |
| 6885 'ios:39-', |
| 6886 ], |
| 6887 'features': { |
| 6888 'dynamic_refresh': True, |
| 6889 'per_profile': False, |
| 6890 }, |
| 6891 'example_value': 'tls1', |
| 6892 'id': 280, |
| 6893 'caption': '''Minimum SSL version to fallback to''', |
| 6894 'desc': '''When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>
Google Chrome</ex></ph> will retry the connection with a lesser version of SSL/T
LS in order to work around bugs in HTTPS servers. This setting configures the ve
rsion at which this fallback process will stop. If a server performs version neg
otiation correctly then this setting doesn't apply and SSLVersionMin controls. |
| 6895 |
| 6896 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> will use a default minimum version, which was SSLv3 in Chrome
38 but is TLS 1.0 in Chrome 39. |
| 6897 |
| 6898 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i
s already the default. A more likely situation is that compatibility with a bugg
y server must be maintained and thus this needs to be set to "sslv3". That poten
tially opens up all connections to SSLv3 attacks since a network attacker can in
duce fallbacks. Thus this is a stopgap measure and the server should be rapidly
fixed. |
| 6899 |
| 6900 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact. |
| 6901 |
| 6902 Note that, despite the number, "sslv3" is an earier version than "tls1".''
', |
| 6903 }, |
6847 ], | 6904 ], |
6848 'messages': { | 6905 'messages': { |
6849 # Messages that are not associated to any policies. | 6906 # Messages that are not associated to any policies. |
6850 'win_supported_winxpsp2': { | 6907 'win_supported_winxpsp2': { |
6851 'desc': '''A label specifying the oldest possible compatible version of Wi
ndows. This text will appear right next to a label containing the text 'Supporte
d on:'.''', | 6908 'desc': '''A label specifying the oldest possible compatible version of Wi
ndows. This text will appear right next to a label containing the text 'Supporte
d on:'.''', |
6852 'text': '''Microsoft Windows XP SP2 or later''' | 6909 'text': '''Microsoft Windows XP SP2 or later''' |
6853 }, | 6910 }, |
6854 'mac_chrome_preferences': { | 6911 'mac_chrome_preferences': { |
6855 'desc': '''A text indicating in Mac OS X Workgroup Manager, that currently
the preferences of Chromium are being edited''', | 6912 'desc': '''A text indicating in Mac OS X Workgroup Manager, that currently
the preferences of Chromium are being edited''', |
6856 'text': '''<ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> preferenc
es''' | 6913 'text': '''<ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> preferenc
es''' |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6961 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', | 7018 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', |
6962 'text': 'Default Settings (users can override)', | 7019 'text': 'Default Settings (users can override)', |
6963 }, | 7020 }, |
6964 'doc_complex_policies_on_windows': { | 7021 'doc_complex_policies_on_windows': { |
6965 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', | 7022 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', |
6966 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, | 7023 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, |
6967 }, | 7024 }, |
6968 }, | 7025 }, |
6969 'placeholders': [], | 7026 'placeholders': [], |
6970 } | 7027 } |
OLD | NEW |