naiveproxy/services/network/public/mojom/ssl_config.mojom
2018-12-09 21:59:24 -05:00

56 lines
1.8 KiB
Plaintext

// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module network.mojom;
enum SSLVersion {
kTLS1,
kTLS11,
kTLS12,
kTLS13,
};
// Versions of TLS 1.3 that are supported.
enum TLS13Variant {
kDraft23,
kDraft28,
kFinal,
};
// This contains the subset of net::SSLConfig members that are managed by the
// net::SSLConfigService. See net::SSLConfig for field descriptions.
struct SSLConfig {
bool rev_checking_enabled = false;
bool rev_checking_required_local_anchors = false;
bool sha1_local_anchors_enabled = false;
bool symantec_enforcement_disabled = false;
// SSL 2.0 and 3.0 are not supported.
SSLVersion version_min = kTLS1;
SSLVersion version_max = kTLS12;
TLS13Variant tls13_variant = kDraft23;
// Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
// big-endian form, they should be declared in host byte order, with the
// first uint8_t occupying the most significant byte.
// Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
// disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
array<uint16> disabled_cipher_suites;
// Patterns for matching hostnames to determine when to allow connection
// coalescing when client certificates are also in use. Patterns follow
// the rules for host matching from the URL Blacklist filter format:
// "example.com" matches "example.com" and all subdomains, while
// ".example.net" matches exactly "example.net". Hostnames must be
// canonicalized according to the rules used by GURL.
array<string> client_cert_pooling_policy;
};
// Receives SSL configuration updates.
interface SSLConfigClient {
OnSSLConfigUpdated(SSLConfig ssl_config);
};