OLD | NEW |
1 { | 1 { |
2 # policy_templates.json - Metafile for policy templates | 2 # policy_templates.json - Metafile for policy templates |
3 # | 3 # |
4 # The content of this file is evaluated as a Python expression. | 4 # The content of this file is evaluated as a Python expression. |
5 # | 5 # |
6 # This file is used as input to generate the following policy templates: | 6 # This file is used as input to generate the following policy templates: |
7 # ADM, ADMX+ADML, MCX/plist and html documentation. | 7 # ADM, ADMX+ADML, MCX/plist and html documentation. |
8 # | 8 # |
9 # Policy templates are user interface definitions or documents about the | 9 # Policy templates are user interface definitions or documents about the |
10 # policies that can be used to configure Chrome. Each policy is a name-value | 10 # policies that can be used to configure Chrome. Each policy is a name-value |
(...skipping 7010 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7021 'android:39-43', | 7021 'android:39-43', |
7022 'ios:39-43', | 7022 'ios:39-43', |
7023 ], | 7023 ], |
7024 'features': { | 7024 'features': { |
7025 'dynamic_refresh': True, | 7025 'dynamic_refresh': True, |
7026 'per_profile': False, | 7026 'per_profile': False, |
7027 }, | 7027 }, |
7028 'example_value': 'ssl3', | 7028 'example_value': 'ssl3', |
7029 'id': 279, | 7029 'id': 279, |
7030 'caption': '''Minimum SSL version enabled''', | 7030 'caption': '''Minimum SSL version enabled''', |
7031 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. | 7031 'desc': '''Warning: SSLv3 support will be entirely removed from <ph name="
PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 43 (around July 2015)
and this policy will be removed at the same time. |
7032 | 7032 |
7033 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO
DUCT_NAME">$1<ex>Google Chrome</ex></ph> 39 and TLS 1.0 in later versions. | 7033 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO
DUCT_NAME">$1<ex>Google Chrome</ex></ph> 39 and TLS 1.0 in later versions. |
7034 | 7034 |
7035 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. | 7035 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". When set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex><
/ph> will not use SSL/TLS versions less than the specified version. An unrecogni
zed value will be ignored. |
7036 | 7036 |
7037 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', | 7037 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
7038 }, | 7038 }, |
7039 { | 7039 { |
7040 'name': 'SSLVersionFallbackMin', | 7040 'name': 'SSLVersionFallbackMin', |
7041 'type': 'string-enum', | 7041 'type': 'string-enum', |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7076 'android:39-43', | 7076 'android:39-43', |
7077 'ios:39-43', | 7077 'ios:39-43', |
7078 ], | 7078 ], |
7079 'features': { | 7079 'features': { |
7080 'dynamic_refresh': True, | 7080 'dynamic_refresh': True, |
7081 'per_profile': False, | 7081 'per_profile': False, |
7082 }, | 7082 }, |
7083 'example_value': 'tls1', | 7083 'example_value': 'tls1', |
7084 'id': 280, | 7084 'id': 280, |
7085 'caption': '''Minimum SSL version to fallback to''', | 7085 'caption': '''Minimum SSL version to fallback to''', |
7086 'desc': '''Warning: SSLv3 support will be entirely removed from Chrome aft
er version 43 (around July 2015) after which the setting "ssl3" will be ignored
and the default of "tls1" used instead. | 7086 'desc': '''Warning: SSLv3 support will be entirely removed from <ph name="
PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 43 (around July 2015)
and this policy will be removed at the same time. |
7087 | 7087 |
7088 When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chro
me</ex></ph> will retry the connection with a lesser version of SSL/TLS in order
to work around bugs in HTTPS servers. This setting configures the version at wh
ich this fallback process will stop. If a server performs version negotiation co
rrectly (i.e. without breaking the connection) then this setting doesn't apply.
Regardless, the resulting connection must still comply with SSLVersionMin. | 7088 When an SSL/TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chro
me</ex></ph> will retry the connection with a lesser version of SSL/TLS in order
to work around bugs in HTTPS servers. This setting configures the version at wh
ich this fallback process will stop. If a server performs version negotiation co
rrectly (i.e. without breaking the connection) then this setting doesn't apply.
Regardless, the resulting connection must still comply with SSLVersionMin. |
7089 | 7089 |
7090 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO
DUCT_NAME">$1<ex>Google Chrome</ex></ph> 38 and TLS 1.0 in later versions. | 7090 If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google
Chrome</ex></ph> uses a default minimum version which is SSLv3 in <ph name="PRO
DUCT_NAME">$1<ex>Google Chrome</ex></ph> 38 and TLS 1.0 in later versions. |
7091 | 7091 |
7092 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i
s already the default. A more likely situation is that compatibility with a bugg
y server must be maintained and thus this needs to be set to "sslv3". That poten
tially opens up all connections to SSLv3 attacks since a network attacker can in
duce fallbacks. Thus this is a stopgap measure and the server should be rapidly
fixed. | 7092 Otherwise it may be set to one of the following values: "sslv3", "tls1", "
tls1.1" or "tls1.2". A setting of "tls1" protects against attacks on SSLv3 but i
s already the default. A more likely situation is that compatibility with a bugg
y server must be maintained and thus this needs to be set to "sslv3". That poten
tially opens up all connections to SSLv3 attacks since a network attacker can in
duce fallbacks. Thus this is a stopgap measure and the server should be rapidly
fixed. |
7093 | 7093 |
7094 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact. | 7094 A setting of "tls1.2" disables all fallback but this may have a significan
t compatibility impact. |
7095 | 7095 |
7096 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', | 7096 Note that, despite the number, "sslv3" is an earlier version than "tls1".'
'', |
(...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
7249 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', | 7249 'desc': '''Text appended in parentheses next to the policies top-level con
tainer to indicate that those policies are of the Recommended level''', |
7250 'text': 'Default Settings (users can override)', | 7250 'text': 'Default Settings (users can override)', |
7251 }, | 7251 }, |
7252 'doc_complex_policies_on_windows': { | 7252 'doc_complex_policies_on_windows': { |
7253 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', | 7253 'desc': '''Text pointing the user to a help article for complex policies o
n Windows''', |
7254 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, | 7254 'text': '''encoded as a JSON string, for details see <ph name="COMPLEX_POL
ICIES_URL">http://www.chromium.org/administrators/complex-policies-on-windows<ex
>http://www.chromium.org/administrators/complex-policies-on-windows</ex></ph>'''
, |
7255 }, | 7255 }, |
7256 }, | 7256 }, |
7257 'placeholders': [], | 7257 'placeholders': [], |
7258 } | 7258 } |
OLD | NEW |