Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(26)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/policy/resources/policy_templates.json

Issue 743903003: policy_templates.json: Document SSL default for M40. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 { 1 {
2 # policy_templates.json - Metafile for policy templates 2 # policy_templates.json - Metafile for policy templates
3 # 3 #
4 # The content of this file is evaluated as a Python expression. 4 # The content of this file is evaluated as a Python expression.
5 # 5 #
6 # This file is used as input to generate the following policy templates: 6 # This file is used as input to generate the following policy templates:
7 # ADM, ADMX+ADML, MCX/plist and html documentation. 7 # ADM, ADMX+ADML, MCX/plist and html documentation.
8 # 8 #
9 # Policy templates are user interface definitions or documents about the 9 # Policy templates are user interface definitions or documents about the
10 # policies that can be used to configure Chrome. Each policy is a name-value 10 # policies that can be used to configure Chrome. Each policy is a name-value
(...skipping 6876 matching lines...) Expand 10 before | Expand all | Expand 10 after
6887 ], 6887 ],
6888 'features': { 6888 'features': {
6889 'dynamic_refresh': True, 6889 'dynamic_refresh': True,
6890 'per_profile': False, 6890 'per_profile': False,
6891 }, 6891 },
6892 'example_value': 'ssl3', 6892 'example_value': 'ssl3',
6893 'id': 279, 6893 'id': 279,
6894 'caption': '''Minimum SSL version enabled''', 6894 'caption': '''Minimum SSL version enabled''',
6895 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft er version 43 (around July 2015) after which the setting "ssl3" will be ignored and the default of "tls1" used instead. 6895 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft er version 43 (around July 2015) after which the setting "ssl3" will be ignored and the default of "tls1" used instead.
6896 6896
6897 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use a default minimum version, which is SSLv3 in Chrome 3 9 but may be TLS 1.0 in Chrome 40. 6897 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO DUCT_NAME">$1<ex>Google Chrome</ex></ph> 39 and TLS 1.0 in later versions.
6898 6898
6899 Otherwise it may be set to one of the following values: "sslv3", "tls1", " tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex>< /ph> will not use SSL/TLS versions less than the specified version. An unrecogni zed value will be ignored. 6899 Otherwise it may be set to one of the following values: "sslv3", "tls1", " tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex>< /ph> will not use SSL/TLS versions less than the specified version. An unrecogni zed value will be ignored.
6900 6900
6901 Note that, despite the number, "sslv3" is an earlier version than "tls1".' '', 6901 Note that, despite the number, "sslv3" is an earlier version than "tls1".' '',
6902 }, 6902 },
6903 { 6903 {
6904 'name': 'SSLVersionFallbackMin', 6904 'name': 'SSLVersionFallbackMin',
6905 'type': 'string-enum', 6905 'type': 'string-enum',
6906 'schema': { 6906 'schema': {
6907 'type': 'string', 6907 'type': 'string',
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
6944 'dynamic_refresh': True, 6944 'dynamic_refresh': True,
6945 'per_profile': False, 6945 'per_profile': False,
6946 }, 6946 },
6947 'example_value': 'tls1', 6947 'example_value': 'tls1',
6948 'id': 280, 6948 'id': 280,
6949 'caption': '''Minimum SSL version to fallback to''', 6949 'caption': '''Minimum SSL version to fallback to''',
6950 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft er version 43 (around July 2015) after which the setting "ssl3" will be ignored and the default of "tls1" used instead. 6950 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft er version 43 (around July 2015) after which the setting "ssl3" will be ignored and the default of "tls1" used instead.
6951 6951
6952 When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chro me</ex></ph> will retry the connection with a lesser version of SSL/TLS in order to work around bugs in HTTPS servers. This setting configures the version at wh ich this fallback process will stop. If a server performs version negotiation co rrectly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin. 6952 When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chro me</ex></ph> will retry the connection with a lesser version of SSL/TLS in order to work around bugs in HTTPS servers. This setting configures the version at wh ich this fallback process will stop. If a server performs version negotiation co rrectly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
6953 6953
6954 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will use a default minimum version, which was SSLv3 in Chrome 38 but is TLS 1.0 in Chrome 39. 6954 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO DUCT_NAME">$1<ex>Google Chrome</ex></ph> 38 and TLS 1.0 in later versions.
6955 6955
6956 Otherwise it may be set to one of the following values: "sslv3", "tls1", " tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i s already the default. A more likely situation is that compatibility with a bugg y server must be maintained and thus this needs to be set to "sslv3". That poten tially opens up all connections to SSLv3 attacks since a network attacker can in duce fallbacks. Thus this is a stopgap measure and the server should be rapidly fixed. 6956 Otherwise it may be set to one of the following values: "sslv3", "tls1", " tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i s already the default. A more likely situation is that compatibility with a bugg y server must be maintained and thus this needs to be set to "sslv3". That poten tially opens up all connections to SSLv3 attacks since a network attacker can in duce fallbacks. Thus this is a stopgap measure and the server should be rapidly fixed.
6957 6957
6958 A setting of "tls1.2" disables all fallback but this may have a significan t compatibility impact. 6958 A setting of "tls1.2" disables all fallback but this may have a significan t compatibility impact.
6959 6959
6960 Note that, despite the number, "sslv3" is an earlier version than "tls1".' '', 6960 Note that, despite the number, "sslv3" is an earlier version than "tls1".' '',
6961 }, 6961 },
6962 { 6962 {
6963 'name': 'ContextualSearchEnabled', 6963 'name': 'ContextualSearchEnabled',
6964 'type': 'main', 6964 'type': 'main',
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after
7098 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''', 7098 'desc': '''Text appended in parentheses next to the policies top-level con tainer to indicate that those policies are of the Recommended level''',
7099 'text': 'Default Settings (users can override)', 7099 'text': 'Default Settings (users can override)',
7100 }, 7100 },
7101 'doc_complex_policies_on_windows': { 7101 'doc_complex_policies_on_windows': {
7102 'desc': '''Text pointing the user to a help article for complex policies o n Windows''', 7102 'desc': '''Text pointing the user to a help article for complex policies o n Windows''',
7103 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex >http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>''' , 7103 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex >http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>''' ,
7104 }, 7104 },
7105 }, 7105 },
7106 'placeholders': [], 7106 'placeholders': [],
7107 } 7107 }
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698