Diffstat (limited to 'chromium/net/ssl/ssl_cipher_suite_names.h')
-rw-r--r--chromium/net/ssl/ssl_cipher_suite_names.h11
1 files changed, 11 insertions, 0 deletions
diff --git a/chromium/net/ssl/ssl_cipher_suite_names.h b/chromium/net/ssl/ssl_cipher_suite_names.h
index 5145fb24c5e..29c03a1aea0 100644
--- a/chromium/net/ssl/ssl_cipher_suite_names.h
+++ b/chromium/net/ssl/ssl_cipher_suite_names.h
@@ -46,6 +46,17 @@ NET_EXPORT void SSLVersionToString(const char** name, int ssl_version);
NET_EXPORT bool ParseSSLCipherString(const std::string& cipher_string,
uint16* cipher_suite);
+// |cipher_suite| is the IANA id for the cipher suite. What a "secure"
+// cipher suite is arbitrarily determined here. The intent is to indicate what
+// cipher suites meet modern security standards when backwards compatibility can
+// be ignored. Notably, HTTP/2 requires/encourages this sort of validation of
+// cipher suites: https://http2.github.io/http2-spec/#TLSUsage.
+//
+// Currently, this function follows these criteria:
+// 1) Only uses forward secure key exchanges
+// 2) Only uses AEADs
+NET_EXPORT_PRIVATE bool IsSecureTLSCipherSuite(uint16 cipher_suite);
+
} // namespace net
#endif // NET_SSL_SSL_CIPHER_SUITE_NAMES_H_
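Review bot: The comment on `IsSecureTLSCipherSuite` lists the two criteria but never states what the function returns for an id it does not recognise, and a caller gating HTTP/2 on this needs that case to fail closed. The implementation is outside this hunk, so whether it does cannot be confirmed here; if it does, the header should say so, for example `// Returns false for any |cipher_suite| that is unknown or not recognised.` It would also help to note that the check covers only the cipher suite and not the negotiated protocol version, which the cited HTTP/2 TLS section constrains separately, e.g. `// Does not check the TLS version; callers must verify that separately.`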