caption: Enable a TLS 1.3 security feature for local trust anchors.
deprecated: true
desc: "This policy controls a security feature in TLS 1.3 which protects connections\
\ against downgrade attacks. It is backwards-compatible and will not affect connections\
\ to compliant TLS 1.2 servers or proxies. However, older versions of some TLS-intercepting\
\ proxies have an implementation flaw which causes them to be incompatible.\n\n\
\ If this policy is set to True or not set, <ph name=\"PRODUCT_NAME\">$1<ex>Google\
\ Chrome</ex></ph> will enable these security protections for all connections.\n\
\n If this policy is set to False, <ph name=\"PRODUCT_NAME\">$1<ex>Google Chrome</ex></ph>\
\ will disable these security protections for connections authenticated with locally-installed\
\ CA certificates. These protections are always enabled for connections authenticated\
\ with publicly-trusted CA certificates.\n\n The default value for this policy\
\ was changed in <ph name=\"PRODUCT_NAME\">$1<ex>Google Chrome</ex></ph> 81 from\
\ false to true. Affected proxies are expected to fail connections with an error\
\ code of ERR_TLS13_DOWNGRADE_DETECTED. Administrators who need more time to upgrade\
\ affected proxies may use this policy to temporarily disable this security feature.\
\ This policy was removed in version 86.\n "
example_value: true
features:
dynamic_refresh: true
per_profile: true
owners:
- file://net/ssl/OWNERS
- [email protected]
schema:
type: boolean
supported_on:
- chrome.*:79-85
- chrome_os:79-85
- android:79-85
tags:
- system-security
type: main
Codebase Browser
chromium