OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ |
6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ | 6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
92 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in | 92 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in |
93 // big-endian form, they should be declared in host byte order, with the | 93 // big-endian form, they should be declared in host byte order, with the |
94 // first uint8 occupying the most significant byte. | 94 // first uint8 occupying the most significant byte. |
95 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 95 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
96 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 96 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
97 std::vector<uint16> disabled_cipher_suites; | 97 std::vector<uint16> disabled_cipher_suites; |
98 | 98 |
99 bool cached_info_enabled; // True if TLS cached info extension is enabled. | 99 bool cached_info_enabled; // True if TLS cached info extension is enabled. |
100 bool channel_id_enabled; // True if TLS channel ID extension is enabled. | 100 bool channel_id_enabled; // True if TLS channel ID extension is enabled. |
101 bool false_start_enabled; // True if we'll use TLS False Start. | 101 bool false_start_enabled; // True if we'll use TLS False Start. |
102 // True if the Certificate Transparency signed_certificate_timestamp | |
103 // TLS extension is enabled. | |
104 bool signed_cert_timestamps_enabled; | |
102 | 105 |
103 // require_forward_secrecy, if true, causes only (EC)DHE cipher suites to be | 106 // require_forward_secrecy, if true, causes only (EC)DHE cipher suites to be |
104 // enabled. NOTE: this only applies to server sockets currently, although | 107 // enabled. NOTE: this only applies to server sockets currently, although |
105 // that could be extended if needed. | 108 // that could be extended if needed. |
106 bool require_forward_secrecy; | 109 bool require_forward_secrecy; |
107 | 110 |
108 // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be | 111 // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be |
109 // enabled for all sites. | 112 // enabled for all sites. |
110 // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be | 113 // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be |
111 // disabled for a site pinned to the Google pin list (indicating that it is a | 114 // disabled for a site pinned to the Google pin list (indicating that it is a |
167 class NET_EXPORT Observer { | 170 class NET_EXPORT Observer { |
168 public: | 171 public: |
169 // Notify observers if SSL settings have changed. We don't check all of the | 172 // Notify observers if SSL settings have changed. We don't check all of the |
170 // data in SSLConfig, just those that qualify as a user config change. | 173 // data in SSLConfig, just those that qualify as a user config change. |
171 // The following settings are considered user changes: | 174 // The following settings are considered user changes: |
172 // rev_checking_enabled | 175 // rev_checking_enabled |
173 // version_min | 176 // version_min |
174 // version_max | 177 // version_max |
175 // disabled_cipher_suites | 178 // disabled_cipher_suites |
176 // channel_id_enabled | 179 // channel_id_enabled |
177 // false_start_enabled | 180 // false_start_enabled |
wtc
2013/11/26 17:32:55
We may need to list signed_cert_timestamps_enabled
| |
178 // require_forward_secrecy | 181 // require_forward_secrecy |
179 virtual void OnSSLConfigChanged() = 0; | 182 virtual void OnSSLConfigChanged() = 0; |
180 | 183 |
181 protected: | 184 protected: |
182 virtual ~Observer() {} | 185 virtual ~Observer() {} |
183 }; | 186 }; |
184 | 187 |
185 SSLConfigService(); | 188 SSLConfigService(); |
186 | 189 |
187 // May not be thread-safe, should only be called on the IO thread. | 190 // May not be thread-safe, should only be called on the IO thread. |
227 void ProcessConfigUpdate(const SSLConfig& orig_config, | 230 void ProcessConfigUpdate(const SSLConfig& orig_config, |
228 const SSLConfig& new_config); | 231 const SSLConfig& new_config); |
229 | 232 |
230 private: | 233 private: |
231 ObserverList<Observer> observer_list_; | 234 ObserverList<Observer> observer_list_; |
232 }; | 235 }; |
233 | 236 |
234 } // namespace net | 237 } // namespace net |
235 | 238 |
236 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ | 239 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ |
OLD | NEW |
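Review bot: The comment on `signed_cert_timestamps_enabled` (new lines 102-104) does not say which sockets the flag applies to or what turning it on actually guarantees. The neighbouring `require_forward_secrecy` comment states its scope (server sockets only), and this one should do the same. If the intent is that the flag only governs offering the extension, a line such as `// Only controls whether the extension is offered; receiving or validating SCTs is not implied by this flag.` would stop callers from treating it as a Certificate Transparency enforcement switch. The member is also a plain `bool` with no initializer visible in this header, so its default has to be set explicitly in the SSLConfig constructor, which is outside this file. The enclosing struct begins and ends in the skipped lines.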