| // Copyright 2018 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| module network.mojom; |
| |
| enum SSLVersion { |
| kTLS1, |
| kTLS11, |
| kTLS12, |
| kTLS13, |
| }; |
| |
| // Versions of TLS 1.3 that are supported. |
| enum TLS13Variant { |
| kDraft23, |
| kDraft28, |
| }; |
| |
| // This contains the subset of net::SSLConfig members that are managed by the |
| // net::SSLConfigService. See net::SSLConfig for field descriptions. |
| struct SSLConfig { |
| bool rev_checking_enabled = false; |
| bool rev_checking_required_local_anchors = false; |
| |
| bool sha1_local_anchors_enabled = false; |
| bool symantec_enforcement_disabled = false; |
| |
| // SSL 2.0 and 3.0 are not supported. |
| SSLVersion version_min = kTLS1; |
| SSLVersion version_max = kTLS12; |
| |
| TLS13Variant tls13_variant = kDraft23; |
| |
| // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in |
| // big-endian form, they should be declared in host byte order, with the |
| // first uint8_t occupying the most significant byte. |
| // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to |
| // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. |
| array<uint16> disabled_cipher_suites; |
| |
| // Patterns for matching hostnames to determine when to allow connection |
| // coalescing when client certificates are also in use. Patterns follow |
| // the rules for host matching from the URL Blacklist filter format: |
| // "example.com" matches "example.com" and all subdomains, while |
| // ".example.net" matches exactly "example.net". Hostnames must be |
| // canonicalized according to the rules used by GURL. |
| array<string> client_cert_pooling_policy; |
| }; |
| |
| // Receives SSL configuration updates. |
| interface SSLConfigClient { |
| OnSSLConfigUpdated(SSLConfig ssl_config); |
| }; |