1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ | 5 #ifndef NET_SSL_SSL_CONFIG_SERVICE_H_ |
6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ | 6 #define NET_SSL_SSL_CONFIG_SERVICE_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
92 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in | 92 // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in |
93 // big-endian form, they should be declared in host byte order, with the | 93 // big-endian form, they should be declared in host byte order, with the |
94 // first uint8 occupying the most significant byte. | 94 // first uint8 occupying the most significant byte. |
95 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to | 95 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
96 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. | 96 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
97 std::vector<uint16> disabled_cipher_suites; | 97 std::vector<uint16> disabled_cipher_suites; |
98 | 98 |
99 bool cached_info_enabled; // True if TLS cached info extension is enabled. | 99 bool cached_info_enabled; // True if TLS cached info extension is enabled. |
100 bool channel_id_enabled; // True if TLS channel ID extension is enabled. | 100 bool channel_id_enabled; // True if TLS channel ID extension is enabled. |
101 bool false_start_enabled; // True if we'll use TLS False Start. | 101 bool false_start_enabled; // True if we'll use TLS False Start. |
| 102 // True if the Certificate Transparency signed_certificate_timestamp |
| 103 // TLS extension is enabled. |
| 104 bool signed_cert_timestamps_enabled; |
102 | 105 |
103 // require_forward_secrecy, if true, causes only (EC)DHE cipher suites to be | 106 // require_forward_secrecy, if true, causes only (EC)DHE cipher suites to be |
104 // enabled. NOTE: this only applies to server sockets currently, although | 107 // enabled. NOTE: this only applies to server sockets currently, although |
105 // that could be extended if needed. | 108 // that could be extended if needed. |
106 bool require_forward_secrecy; | 109 bool require_forward_secrecy; |
107 | 110 |
108 // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be | 111 // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be |
109 // enabled for all sites. | 112 // enabled for all sites. |
110 // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be | 113 // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be |
111 // disabled for a site pinned to the Google pin list (indicating that it is a | 114 // disabled for a site pinned to the Google pin list (indicating that it is a |
168 public: | 171 public: |
169 // Notify observers if SSL settings have changed. We don't check all of the | 172 // Notify observers if SSL settings have changed. We don't check all of the |
170 // data in SSLConfig, just those that qualify as a user config change. | 173 // data in SSLConfig, just those that qualify as a user config change. |
171 // The following settings are considered user changes: | 174 // The following settings are considered user changes: |
172 // rev_checking_enabled | 175 // rev_checking_enabled |
173 // version_min | 176 // version_min |
174 // version_max | 177 // version_max |
175 // disabled_cipher_suites | 178 // disabled_cipher_suites |
176 // channel_id_enabled | 179 // channel_id_enabled |
177 // false_start_enabled | 180 // false_start_enabled |
| 181 // signed_cert_timestamps_enabled |
178 // require_forward_secrecy | 182 // require_forward_secrecy |
179 virtual void OnSSLConfigChanged() = 0; | 183 virtual void OnSSLConfigChanged() = 0; |
180 | 184 |
181 protected: | 185 protected: |
182 virtual ~Observer() {} | 186 virtual ~Observer() {} |
183 }; | 187 }; |
184 | 188 |
185 SSLConfigService(); | 189 SSLConfigService(); |
186 | 190 |
187 // May not be thread-safe, should only be called on the IO thread. | 191 // May not be thread-safe, should only be called on the IO thread. |
227 void ProcessConfigUpdate(const SSLConfig& orig_config, | 231 void ProcessConfigUpdate(const SSLConfig& orig_config, |
228 const SSLConfig& new_config); | 232 const SSLConfig& new_config); |
229 | 233 |
230 private: | 234 private: |
231 ObserverList<Observer> observer_list_; | 235 ObserverList<Observer> observer_list_; |
232 }; | 236 }; |
233 | 237 |
234 } // namespace net | 238 } // namespace net |
235 | 239 |
236 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ | 240 #endif // NET_SSL_SSL_CONFIG_SERVICE_H_ |
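Review bot: The new `bool signed_cert_timestamps_enabled;` (new line 104) is declared without an initializer, like its siblings, so its default is decided entirely by the SSLConfig constructor, which is not on this page; that constructor and the SSLConfig class boundaries lie outside the visible lines, so please confirm it sets the field, since an uninitialized bool would make whether the extension is offered indeterminate. The Observer comment (new line 181) now lists the field as a user config change, which implies `ProcessConfigUpdate(const SSLConfig&, const SSLConfig&)` (new lines 231–232, defined elsewhere) must compare it as well; if the definition was not updated in this commit, the comment documents behaviour that does not exist. As a point of style, the three neighbouring flags use one-line trailing comments while the new field gets a two-line block comment above it; a trailing form such as `bool signed_cert_timestamps_enabled;  // True if the CT signed_certificate_timestamp extension is enabled.` would match the surrounding declarations, assuming it fits the column limit.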