forked from chromium/chromium
Add an enterprise policy InsecureHashesinTLSHandshakesEnabled to control the use of insecure hashes in the TLS Handshake.

This policy allows Google Chrome to use legacy insecure hashes during the TLS handshake process.

If this policy is not configured, Google Chrome will follow the default rollout process for disallowing insecure hashes. If it is enabled, Google Chrome will allow insecure hashes to be used by a server when negotiating a TLS handshake. If it is disabled, Google Chrome will disallow insecure hashes to be used by a server when negotiating a TLS handshake. This policy will be removed in 119.

Bug: 658905
Change-Id: I76e6f766bb5dcbdfd1a742e47ea4064c721b2e02
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4350968
Reviewed-by: Alexander Hendrich <hendrich@chromium.org>
Commit-Queue: Bob Beck <bbe@google.com>
Cr-Commit-Position: refs/heads/main@{#1124314}
Bob Beck authored and Chromium LUCI CQ committed Mar 30, 2023
1 parent 987784f, commit 3c26b72
Showing 16 changed files with 259 additions and 5 deletions.
31 changes: 31 additions & 0 deletions
...rces/templates/policy_definitions/Miscellaneous/InsecureHashesInTLSHandshakesEnabled.yaml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,31 @@ | ||
caption: Insecure Hashes in TLS Handshakes Enabled | ||
default: null | ||
desc: |- | ||
This policy allows <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> to use legacy insecure hashes during the TLS handshake process. | ||
If this policy is not configured, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will follow the default rollout process for disallowing insecure hashes. If it is enabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will allow insecure hashes to be used by a server when negotiating a TLS handshake. If it is disabled, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will disallow insecure hashes to be used by a server when negotiating a TLS handshake. This policy will be removed in 119. | ||
example_value: false | ||
features: | ||
dynamic_refresh: true | ||
per_profile: false | ||
items: | ||
- caption: Use Default Value for Hashes Allowed in TLS Handshakes. | ||
value: null | ||
- caption: Do Not Allow Insecure Hashes in TLS Handshakes | ||
value: false | ||
- caption: Allow Insecure Hashes in TLS Handshakes | ||
value: true | ||
owners: | ||
- bbe@chromium.org | ||
- trusty-transport@chromium.org | ||
schema: | ||
type: boolean | ||
supported_on: | ||
- chrome.*:114- | ||
- chrome_os:114- | ||
- android:114- | ||
- fuchsia:114- | ||
tags: | ||
- system-security | ||
type: main |
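
Review bot: The desc text never says which hash algorithms count as "insecure hashes", so an administrator reading this policy cannot tell what setting it to true re-allows; name the affected algorithms, or link to the documentation that lists them, in the first sentence of desc. The same desc ends with "This policy will be removed in 119" while every supported_on entry is open-ended (for example "chrome.*:114-"); writing "version 119" would make the bare number unambiguous, and the ranges will need closing when the removal lands. Style point in items: the first caption ends with a period ("Use Default Value for Hashes Allowed in TLS Handshakes.") while the other two captions do not.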