// Copyright 2018 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
module network.mojom;
import "services/network/public/mojom/optional_bool.mojom";
// TLS protocol versions selectable as SSLConfig.version_min / version_max.
// Only TLS 1.2 and 1.3 have enumerators, so older protocol versions
// (SSL 2.0/3.0, TLS 1.0/1.1) cannot be re-enabled through this config at all.
enum SSLVersion {
  kTLS12,
  kTLS13,
};
// This is a combination of net::SSLContextConfig and
// net::CertVerifier::Config's fields. See those two classes for descriptions.
//
// Every field has a default, so a receiver always sees a complete config; the
// defaults below are the secure-side choices (revocation/SHA-1/Symantec knobs
// off, TLS 1.2+ only, no disabled suites, ECH allowed).
struct SSLConfig {
  // Certificate-verification knobs. Their exact semantics live in
  // net::CertVerifier::Config (the names here appear to mirror its fields;
  // confirm there before relying on a particular reading).
  //
  // Presumably turns on online (OCSP/CRL) revocation checking during
  // certificate verification; off by default.
  bool rev_checking_enabled = false;
  // Presumably makes revocation checking mandatory (hard-fail) for chains
  // that end in a locally installed trust anchor.
  bool rev_checking_required_local_anchors = false;
  // Presumably allows SHA-1 signatures in chains ending in a locally
  // installed anchor. Relaxes verification; keep false unless required.
  bool sha1_local_anchors_enabled = false;
  // Presumably switches off the legacy Symantec distrust enforcement.
  // Relaxes verification; keep false unless required.
  bool symantec_enforcement_disabled = false;
  // SSL 2.0/3.0 and TLS 1.0/1.1 are not supported. Note these lines must be
  // kept in sync with net/ssl/ssl_config.cc.
  // Both bounds are inclusive; the SSLVersion enum only offers TLS 1.2 and
  // 1.3, so the floor cannot be lowered below TLS 1.2 via this struct.
  SSLVersion version_min = kTLS12;
  SSLVersion version_max = kTLS13;
  // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
  // big-endian form, they should be declared in host byte order, with the
  // first uint8_t occupying the most significant byte.
  // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
  // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
  // NOTE(review): the RC4 examples above are illustrative of the encoding
  // only. Whether TLS 1.3 suites can be disabled this way is not stated
  // here -- check net/ssl/ssl_config.h before assuming so.
  array<uint16> disabled_cipher_suites;
  // Patterns for matching hostnames to determine when to allow connection
  // coalescing when client certificates are also in use. Patterns follow
  // the rules for host matching from the URL Blocklist filter format:
  // "example.com" matches "example.com" and all subdomains, while
  // ".example.net" matches exactly "example.net". Hostnames must be
  // canonicalized according to the rules used by GURL.
  // An empty array (the default) therefore matches nothing.
  array<string> client_cert_pooling_policy;
  // If specified, controls whether post-quantum key agreement is allowed
  // in TLS connections. If kUnset, this is determined by feature flags.
  // kTrue / kFalse override the feature flag in the corresponding direction.
  OptionalBool post_quantum_override = kUnset;
  // If false, disables TLS Encrypted ClientHello (ECH). If true, the feature
  // may be enabled or disabled, depending on feature flags.
  // I.e. this field can only veto ECH, never force it on.
  bool ech_enabled = true;
};
// Receives SSL configuration updates.
//
// The sender pushes a complete SSLConfig on every call rather than a delta,
// so a receiver can simply replace its current config wholesale. Which
// process implements this interface is not visible from this file (the
// module name suggests the network service side; confirm against the
// callers).
interface SSLConfigClient {
  // Delivers a new, complete |ssl_config|. All fields are present on every
  // call (struct defaults fill in anything the sender did not set), so there
  // is no way to update one field in isolation.
  OnSSLConfigUpdated(SSLConfig ssl_config);
};