blob: c2b636e988497dc13f378fbe9f7046b67a35fe29 [file] [log] [blame]
// Copyright 2018 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module network.mojom;
enum SSLVersion {
kTLS1,
kTLS11,
kTLS12,
kTLS13,
};
// This is a combination of net::SSLContextConfig and
// net::CertVerifier::Config's fields. See those two classes for descriptions.
struct SSLConfig {
bool rev_checking_enabled = false;
bool rev_checking_required_local_anchors = false;
bool sha1_local_anchors_enabled = false;
bool symantec_enforcement_disabled = false;
// SSL 2.0 and 3.0 are not supported. Note these lines must be kept in sync
// with net/ssl/ssl_config.cc.
SSLVersion version_min = kTLS1;
// version_min_warn is the minimum protocol version that won't cause cert
// errors (e.g., in Chrome we'll show a security interstitial for connections
// using a version lower than version_min_warn).
SSLVersion version_min_warn = kTLS12;
SSLVersion version_max = kTLS13;
// Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
// big-endian form, they should be declared in host byte order, with the
// first uint8_t occupying the most significant byte.
// Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
// disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
array<uint16> disabled_cipher_suites;
// Patterns for matching hostnames to determine when to allow connection
// coalescing when client certificates are also in use. Patterns follow
// the rules for host matching from the URL Blocklist filter format:
// "example.com" matches "example.com" and all subdomains, while
// ".example.net" matches exactly "example.net". Hostnames must be
// canonicalized according to the rules used by GURL.
array<string> client_cert_pooling_policy;
};
// Receives SSL configuration updates.
interface SSLConfigClient {
OnSSLConfigUpdated(SSLConfig ssl_config);
};