Detect when the disabled SSL/TLS cipher suites change within an SSLConfig

BUG=58831 TEST=net_unittests --gtest_filter=SSLConfigServiceTest.* Review URL: http://codereview.chromium.org/7395026 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@93159 0039d316-1c4b-4281-b951-d872f2087c98
author: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-07-20 02:56:33 +0000
committer: rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2011-07-20 02:56:33 +0000
commit: 604fbfde84d00714b1b97372bccda238d73a4edf (patch)
tree: 3970e82ccc856bd204d5bbd4c33d4d1146adf08b /net/base/ssl_config_service.h
parent: 3d09c1a3c0789800ea299f539be700dbbd617e90 (diff)
download: chromium_src-604fbfde84d00714b1b97372bccda238d73a4edf.zip
chromium_src-604fbfde84d00714b1b97372bccda238d73a4edf.tar.gz
chromium_src-604fbfde84d00714b1b97372bccda238d73a4edf.tar.bz2
1 files changed, 8 insertions, 6 deletions
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index ab84aad..98acc1e 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -42,17 +42,18 @@ struct NET_API SSLConfig {
   // True if we'll do async checks for certificate provenance using DNS.
   bool dns_cert_provenance_checking_enabled;
 
-  // Cipher suites which should be explicitly prevented from being used in
-  // addition to those disabled by the net built-in policy -- by default, all
-  // cipher suites supported by the underlying SSL implementation will be
-  // enabled except for:
+  // Presorted list of cipher suites which should be explicitly prevented from
+  // being used in addition to those disabled by the net built-in policy.
+  //
+  // By default, all cipher suites supported by the underlying SSL
+  // implementation will be enabled except for:
   // - Null encryption cipher suites.
   // - Weak cipher suites: < 80 bits of security strength.
   // - FORTEZZA cipher suites (obsolete).
   // - IDEA cipher suites (RFC 5469 explains why).
   // - Anonymous cipher suites.
   // The ciphers listed in |disabled_cipher_suites| will be removed in addition
-  // to the above statically defined disable list.
+  // to the above list.
   //
   // Though cipher suites are sent in TLS as "uint8 CipherSuite[2]", in
   // big-endian form, they should be declared in host byte order, with the
@@ -60,7 +61,7 @@ struct NET_API SSLConfig {
   // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to
   // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
   //
-  // TODO(rsleevi): Not implemented when using Schannel.
+  // Note: Not implemented when using Schannel/SSLClientSocketWin.
   std::vector<uint16> disabled_cipher_suites;
 
   bool cached_info_enabled;  // True if TLS cached info extension is enabled.
@@ -118,6 +119,7 @@ class NET_API SSLConfigService
     //     rev_checking_enabled
     //     ssl3_enabled
     //     tls1_enabled
+    //     disabled_cipher_suites
     virtual void OnSSLConfigChanged() = 0;
 
    protected:
author	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-07-20 02:56:33 +0000
committer	rsleevi@chromium.org <rsleevi@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>	2011-07-20 02:56:33 +0000
commit	604fbfde84d00714b1b97372bccda238d73a4edf (patch)
tree	3970e82ccc856bd204d5bbd4c33d4d1146adf08b /net/base/ssl_config_service.h
parent	3d09c1a3c0789800ea299f539be700dbbd617e90 (diff)
download	chromium_src-604fbfde84d00714b1b97372bccda238d73a4edf.zip chromium_src-604fbfde84d00714b1b97372bccda238d73a4edf.tar.gz chromium_src-604fbfde84d00714b1b97372bccda238d73a4edf.tar.bz2