OLD | NEW |
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
(...skipping 6862 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
6873 'value': 'tls1.1', | 6873 'value': 'tls1.1', |
6874 'caption': 'TLS 1.1', | 6874 'caption': 'TLS 1.1', |
6875 }, | 6875 }, |
6876 { | 6876 { |
6877 'name': 'TLSv1.2', | 6877 'name': 'TLSv1.2', |
6878 'value': 'tls1.2', | 6878 'value': 'tls1.2', |
6879 'caption': 'TLS 1.2', | 6879 'caption': 'TLS 1.2', |
6880 }, | 6880 }, |
6881 ], | 6881 ], |
6882 'supported_on': [ | 6882 'supported_on': [ |
6883 'chrome.*:39-', | 6883 'chrome.*:39-43', |
6884 'chrome_os:39-', | 6884 'chrome_os:39-43', |
6885 'android:39-', | 6885 'android:39-43', |
6886 'ios:39-', | 6886 'ios:39-43', |
6887 ], | 6887 ], |
6888 'features': { | 6888 'features': { |
6889 'dynamic_refresh': True, | 6889 'dynamic_refresh': True, |
6890 'per_profile': False, | 6890 'per_profile': False, |
6891 }, | 6891 }, |
6892 'example_value': 'ssl3', | 6892 'example_value': 'ssl3', |
6893 'id': 279, | 6893 'id': 279, |
6894 'caption': '''Minimum SSL version enabled''', | 6894 'caption': '''Minimum SSL version enabled''', |
6895 'desc': '''If this policy is not configured then <ph name="PRODUCT_NAME">$
1<ex>Google Chrome</ex></ph> will use a default minimum version, which is SSLv3
in Chrome 39 but may be TLS 1.0 in Chrome 40. | 6895 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. |
| 6896 |
| 6897 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> will use a default minimum version, which is SSLv3 in Chrome 3
9 but may be TLS 1.0 in Chrome 40. |
6896 | 6898 |
6897 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. | 6899 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. |
6898 | 6900 |
6899 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', | 6901 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
6900 }, | 6902 }, |
6901 { | 6903 { |
6902 'name': 'SSLVersionFallbackMin', | 6904 'name': 'SSLVersionFallbackMin', |
6903 'type': 'string-enum', | 6905 'type': 'string-enum', |
6904 'schema': { | 6906 'schema': { |
6905 'type': 'string', | 6907 'type': 'string', |
(...skipping 20 matching lines...) Expand all Loading... |
6926 'value': 'tls1.1', | 6928 'value': 'tls1.1', |
6927 'caption': 'TLS 1.1', | 6929 'caption': 'TLS 1.1', |
6928 }, | 6930 }, |
6929 { | 6931 { |
6930 'name': 'TLSv1.2', | 6932 'name': 'TLSv1.2', |
6931 'value': 'tls1.2', | 6933 'value': 'tls1.2', |
6932 'caption': 'TLS 1.2', | 6934 'caption': 'TLS 1.2', |
6933 }, | 6935 }, |
6934 ], | 6936 ], |
6935 'supported_on': [ | 6937 'supported_on': [ |
6936 'chrome.*:39-', | 6938 'chrome.*:39-43', |
6937 'chrome_os:39-', | 6939 'chrome_os:39-43', |
6938 'android:39-', | 6940 'android:39-43', |
6939 'ios:39-', | 6941 'ios:39-43', |
6940 ], | 6942 ], |
6941 'features': { | 6943 'features': { |
6942 'dynamic_refresh': True, | 6944 'dynamic_refresh': True, |
6943 'per_profile': False, | 6945 'per_profile': False, |
6944 }, | 6946 }, |
6945 'example_value': 'tls1', | 6947 'example_value': 'tls1', |
6946 'id': 280, | 6948 'id': 280, |
6947 'caption': '''Minimum SSL version to fallback to''', | 6949 'caption': '''Minimum SSL version to fallback to''', |
6948 'desc': '''When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>
Google Chrome</ex></ph> will retry the connection with a lesser version of SSL/T
LS in order to work around bugs in HTTPS servers. This setting configures the ve
rsion at which this fallback process will stop. If a server performs version neg
otiation correctly (i.e. without breaking the connection) then this setting does
n't apply. Regardless, the resulting connection must still comply with SSLVersio
nMin. | 6950 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. |
| 6951 |
| 6952 When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chro
me</ex></ph> will retry the connection with a lesser version of SSL/TLS in order
to work around bugs in HTTPS servers. This setting configures the version at wh
ich this fallback process will stop. If a server performs version negotiation co
rrectly (i.e. without breaking the connection) then this setting doesn't apply.
Regardless, the resulting connection must still comply with SSLVersionMin. |
6949 | 6953 |
6950 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> will use a default minimum version, which was SSLv3 in Chrome
38 but is TLS 1.0 in Chrome 39. | 6954 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> will use a default minimum version, which was SSLv3 in Chrome
38 but is TLS 1.0 in Chrome 39. |
6951 | 6955 |
6952 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i
s already the default. A more likely situation is that compatibility with a bugg
y server must be maintained and thus this needs to be set to "sslv3". That poten
tially opens up all connections to SSLv3 attacks since a network attacker can in
duce fallbacks. Thus this is a stopgap measure and the server should be rapidly
fixed. | 6956 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i
s already the default. A more likely situation is that compatibility with a bugg
y server must be maintained and thus this needs to be set to "sslv3". That poten
tially opens up all connections to SSLv3 attacks since a network attacker can in
duce fallbacks. Thus this is a stopgap measure and the server should be rapidly
fixed. |
6953 | 6957 |
6954 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact. | 6958 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact. |
6955 | 6959 |
6956 Note that, despite the number, "sslv3" is an earier version than "tls1".''
', | 6960 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
6957 }, | 6961 }, |
6958 { | 6962 { |
6959 'name': 'ContextualSearchEnabled', | 6963 'name': 'ContextualSearchEnabled', |
6960 'type': 'main', | 6964 'type': 'main', |
6961 'schema': { 'type': 'boolean' }, | 6965 'schema': { 'type': 'boolean' }, |
6962 'supported_on': [ | 6966 'supported_on': [ |
6963 'android:40-', | 6967 'android:40-', |
6964 ], | 6968 ], |
6965 'features': { | 6969 'features': { |
6966 'dynamic_refresh': True, | 6970 'dynamic_refresh': True, |
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7094 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', | 7098 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', |
7095 'text': 'Default Settings (users can override)', | 7099 'text': 'Default Settings (users can override)', |
7096 }, | 7100 }, |
7097 'doc_complex_policies_on_windows': { | 7101 'doc_complex_policies_on_windows': { |
7098 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', | 7102 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', |
7099 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, | 7103 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, |
7100 }, | 7104 }, |
7101 }, | 7105 }, |
7102 'placeholders': [], | 7106 'placeholders': [], |
7103 } | 7107 } |
OLD | NEW |