OLD | NEW |
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
(...skipping 6876 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6887 ], | 6887 ], |
6888 'features': { | 6888 'features': { |
6889 'dynamic_refresh': True, | 6889 'dynamic_refresh': True, |
6890 'per_profile': False, | 6890 'per_profile': False, |
6891 }, | 6891 }, |
6892 'example_value': 'ssl3', | 6892 'example_value': 'ssl3', |
6893 'id': 279, | 6893 'id': 279, |
6894 'caption': '''Minimum SSL version enabled''', | 6894 'caption': '''Minimum SSL version enabled''', |
6895 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. | 6895 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. |
6896 | 6896 |
6897 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> will use a default minimum version, which is SSLv3 in Chrome 3
9 but may be TLS 1.0 in Chrome 40. | 6897 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO
DUCT_NAME">$1<ex>Google Chrome</ex></ph> 39 and TLS 1.0 in later versions. |
6898 | 6898 |
6899 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. | 6899 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. |
6900 | 6900 |
6901 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', | 6901 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
6902 }, | 6902 }, |
6903 { | 6903 { |
6904 'name': 'SSLVersionFallbackMin', | 6904 'name': 'SSLVersionFallbackMin', |
6905 'type': 'string-enum', | 6905 'type': 'string-enum', |
6906 'schema': { | 6906 'schema': { |
6907 'type': 'string', | 6907 'type': 'string', |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6944 'dynamic_refresh': True, | 6944 'dynamic_refresh': True, |
6945 'per_profile': False, | 6945 'per_profile': False, |
6946 }, | 6946 }, |
6947 'example_value': 'tls1', | 6947 'example_value': 'tls1', |
6948 'id': 280, | 6948 'id': 280, |
6949 'caption': '''Minimum SSL version to fallback to''', | 6949 'caption': '''Minimum SSL version to fallback to''', |
6950 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. | 6950 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. |
6951 | 6951 |
6952 When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chro
me</ex></ph> will retry the connection with a lesser version of SSL/TLS in order
to work around bugs in HTTPS servers. This setting configures the version at wh
ich this fallback process will stop. If a server performs version negotiation co
rrectly (i.e. without breaking the connection) then this setting doesn't apply.
Regardless, the resulting connection must still comply with SSLVersionMin. | 6952 When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chro
me</ex></ph> will retry the connection with a lesser version of SSL/TLS in order
to work around bugs in HTTPS servers. This setting configures the version at wh
ich this fallback process will stop. If a server performs version negotiation co
rrectly (i.e. without breaking the connection) then this setting doesn't apply.
Regardless, the resulting connection must still comply with SSLVersionMin. |
6953 | 6953 |
6954 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> will use a default minimum version, which was SSLv3 in Chrome
38 but is TLS 1.0 in Chrome 39. | 6954 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO
DUCT_NAME">$1<ex>Google Chrome</ex></ph> 38 and TLS 1.0 in later versions. |
6955 | 6955 |
6956 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i
s already the default. A more likely situation is that compatibility with a bugg
y server must be maintained and thus this needs to be set to "sslv3". That poten
tially opens up all connections to SSLv3 attacks since a network attacker can in
duce fallbacks. Thus this is a stopgap measure and the server should be rapidly
fixed. | 6956 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i
s already the default. A more likely situation is that compatibility with a bugg
y server must be maintained and thus this needs to be set to "sslv3". That poten
tially opens up all connections to SSLv3 attacks since a network attacker can in
duce fallbacks. Thus this is a stopgap measure and the server should be rapidly
fixed. |
6957 | 6957 |
6958 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact. | 6958 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact. |
6959 | 6959 |
6960 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', | 6960 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
6961 }, | 6961 }, |
6962 { | 6962 { |
6963 'name': 'ContextualSearchEnabled', | 6963 'name': 'ContextualSearchEnabled', |
6964 'type': 'main', | 6964 'type': 'main', |
(...skipping 133 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7098 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', | 7098 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', |
7099 'text': 'Default Settings (users can override)', | 7099 'text': 'Default Settings (users can override)', |
7100 }, | 7100 }, |
7101 'doc_complex_policies_on_windows': { | 7101 'doc_complex_policies_on_windows': { |
7102 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', | 7102 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', |
7103 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, | 7103 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, |
7104 }, | 7104 }, |
7105 }, | 7105 }, |
7106 'placeholders': [], | 7106 'placeholders': [], |
7107 } | 7107 } |
OLD | NEW |