1 // Copyright 2015 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_SSL_SSL_SERVER_CONFIG_H_ 6 #define NET_SSL_SSL_SERVER_CONFIG_H_ 7 8 #include <stdint.h> 9 10 #include <optional> 11 #include <utility> 12 #include <vector> 13 14 #include "base/containers/flat_map.h" 15 #include "base/functional/callback.h" 16 #include "base/memory/raw_ptr.h" 17 #include "net/base/net_export.h" 18 #include "net/socket/next_proto.h" 19 #include "net/ssl/ssl_config.h" 20 #include "third_party/boringssl/src/include/openssl/base.h" 21 22 namespace net { 23 24 class ClientCertVerifier; 25 26 // A collection of server-side SSL-related configuration settings. 27 struct NET_EXPORT SSLServerConfig { 28 enum ClientCertType { 29 NO_CLIENT_CERT, 30 OPTIONAL_CLIENT_CERT, 31 REQUIRE_CLIENT_CERT, 32 }; 33 34 // Defaults 35 SSLServerConfig(); 36 SSLServerConfig(const SSLServerConfig& other); 37 ~SSLServerConfig(); 38 39 // The minimum and maximum protocol versions that are enabled. 40 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h) 41 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it 42 // means no protocol versions are enabled. 43 uint16_t version_min = kDefaultSSLVersionMin; 44 uint16_t version_max = kDefaultSSLVersionMax; 45 46 // Whether early data is enabled on this connection. The caller is obligated 47 // to reject early data that is non-safe to be replayed. 48 bool early_data_enabled = false; 49 50 // A list of cipher suites which should be explicitly prevented from being 51 // used in addition to those disabled by the net built-in policy. 52 // 53 // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in 54 // big-endian form, they should be declared in host byte order, with the 55 // first uint8_t occupying the most significant byte. 56 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to 57 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. 58 std::vector<uint16_t> disabled_cipher_suites; 59 60 // If true, causes only ECDHE cipher suites to be enabled. 61 bool require_ecdhe = false; 62 63 // cipher_suite_for_testing, if set, causes the server to only support the 64 // specified cipher suite in TLS 1.2 and below. This should only be used in 65 // unit tests. 66 std::optional<uint16_t> cipher_suite_for_testing; 67 68 // signature_algorithm_for_testing, if set, causes the server to only support 69 // the specified signature algorithm in TLS 1.2 and below. This should only be 70 // used in unit tests. 71 std::optional<uint16_t> signature_algorithm_for_testing; 72 73 // curves_for_testing, if not empty, specifies the list of NID values (e.g. 74 // NID_X25519) to configure as supported curves for the TLS connection. 75 std::vector<int> curves_for_testing; 76 77 // Sets the requirement for client certificates during handshake. 78 ClientCertType client_cert_type = NO_CLIENT_CERT; 79 80 // List of DER-encoded X.509 DistinguishedName of certificate authorities 81 // to be included in the CertificateRequest handshake message, 82 // if client certificates are required. 83 std::vector<std::string> cert_authorities; 84 85 // Provides the ClientCertVerifier that is to be used to verify 86 // client certificates during the handshake. 87 // The |client_cert_verifier| continues to be owned by the caller, 88 // and must outlive any sockets spawned from this SSLServerContext. 89 // This field is meaningful only if client certificates are requested. 90 // If a verifier is not provided then all certificates are accepted. 91 raw_ptr<ClientCertVerifier> client_cert_verifier = nullptr; 92 93 // The list of application level protocols supported with ALPN (Application 94 // Layer Protocol Negotiation), in decreasing order of preference. Protocols 95 // will be advertised in this order during TLS handshake. 96 NextProtoVector alpn_protos; 97 98 // ALPS TLS extension is enabled and corresponding data is sent to client if 99 // client also enabled ALPS, for each NextProto in |application_settings|. 100 // Data might be empty. 101 base::flat_map<NextProto, std::vector<uint8_t>> application_settings; 102 103 // If non-empty, the DER-encoded OCSP response to staple. 104 std::vector<uint8_t> ocsp_response; 105 106 // If non-empty, the serialized SignedCertificateTimestampList to send in the 107 // handshake. 108 std::vector<uint8_t> signed_cert_timestamp_list; 109 110 // If specified, called at the start of each connection with the ClientHello. 111 // Returns true to continue the handshake and false to fail it. 112 base::RepeatingCallback<bool(const SSL_CLIENT_HELLO*)> 113 client_hello_callback_for_testing; 114 115 // If specified, causes the specified alert to be sent immediately after the 116 // handshake. 117 std::optional<uint8_t> alert_after_handshake_for_testing; 118 119 // This is a workaround for BoringSSL's scopers not being copyable. See 120 // https://crbug.com/boringssl/431. 121 class NET_EXPORT ECHKeysContainer { 122 public: 123 ECHKeysContainer(); 124 // Intentionally allow implicit conversion from bssl::UniquePtr. 125 ECHKeysContainer( // NOLINT(google-explicit-constructor) 126 bssl::UniquePtr<SSL_ECH_KEYS> keys); 127 ~ECHKeysContainer(); 128 129 ECHKeysContainer(const ECHKeysContainer& other); 130 ECHKeysContainer& operator=(const ECHKeysContainer& other); 131 132 // Forward APIs from bssl::UniquePtr. getSSLServerConfig133 SSL_ECH_KEYS* get() const { return keys_.get(); } 134 explicit operator bool() const { return static_cast<bool>(keys_); } 135 // This is defined out-of-line to avoid an ssl.h include. 136 void reset(SSL_ECH_KEYS* keys = nullptr); 137 138 private: 139 bssl::UniquePtr<SSL_ECH_KEYS> keys_; 140 }; 141 142 // If not nullptr, an ECH configuration to use on the server. 143 ECHKeysContainer ech_keys; 144 }; 145 146 } // namespace net 147 148 #endif // NET_SSL_SSL_SERVER_CONFIG_H_ 149