1 // Copyright 2015 The Chromium Authors 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_SSL_SSL_SERVER_CONFIG_H_ 6 #define NET_SSL_SSL_SERVER_CONFIG_H_ 7 8 #include <stdint.h> 9 10 #include <optional> 11 #include <utility> 12 #include <vector> 13 14 #include "base/containers/flat_map.h" 15 #include "base/functional/callback.h" 16 #include "base/memory/raw_ptr.h" 17 #include "net/base/net_export.h" 18 #include "net/socket/next_proto.h" 19 #include "net/ssl/ssl_config.h" 20 #include "third_party/boringssl/src/include/openssl/base.h" 21 22 namespace net { 23 24 class ClientCertVerifier; 25 26 // A collection of server-side SSL-related configuration settings. 27 struct NET_EXPORT SSLServerConfig { 28 enum ClientCertType { 29 NO_CLIENT_CERT, 30 OPTIONAL_CLIENT_CERT, 31 REQUIRE_CLIENT_CERT, 32 }; 33 34 // Defaults 35 SSLServerConfig(); 36 SSLServerConfig(const SSLServerConfig& other); 37 ~SSLServerConfig(); 38 39 // The minimum and maximum protocol versions that are enabled. 40 // (Use the SSL_PROTOCOL_VERSION_xxx enumerators defined in ssl_config.h) 41 // SSL 2.0 and SSL 3.0 are not supported. If version_max < version_min, it 42 // means no protocol versions are enabled. 43 uint16_t version_min = kDefaultSSLVersionMin; 44 uint16_t version_max = kDefaultSSLVersionMax; 45 46 // Whether early data is enabled on this connection. The caller is obligated 47 // to reject early data that is non-safe to be replayed. 48 bool early_data_enabled = false; 49 50 // A list of cipher suites which should be explicitly prevented from being 51 // used in addition to those disabled by the net built-in policy. 52 // 53 // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in 54 // big-endian form, they should be declared in host byte order, with the 55 // first uint8_t occupying the most significant byte. 56 // Ex: To disable TLS_RSA_WITH_RC4_128_MD5, specify 0x0004, while to 57 // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002. 58 std::vector<uint16_t> disabled_cipher_suites; 59 60 // If true, causes only ECDHE cipher suites to be enabled. 61 bool require_ecdhe = false; 62 63 // cipher_suite_for_testing, if set, causes the server to only support the 64 // specified cipher suite in TLS 1.2 and below. This should only be used in 65 // unit tests. 66 std::optional<uint16_t> cipher_suite_for_testing; 67 68 // signature_algorithm_for_testing, if set, causes the server to only support 69 // the specified signature algorithm in TLS 1.2 and below. This should only be 70 // used in unit tests. 71 std::optional<uint16_t> signature_algorithm_for_testing; 72 73 // curves_for_testing, if not empty, specifies the list of NID values (e.g. 74 // NID_X25519) to configure as supported curves for the TLS connection. 75 std::vector<int> curves_for_testing; 76 77 // Sets the requirement for client certificates during handshake. 78 ClientCertType client_cert_type = NO_CLIENT_CERT; 79 80 // List of DER-encoded X.509 DistinguishedName of certificate authorities 81 // to be included in the CertificateRequest handshake message, 82 // if client certificates are required. 83 std::vector<std::string> cert_authorities; 84 85 // Provides the ClientCertVerifier that is to be used to verify 86 // client certificates during the handshake. 87 // The |client_cert_verifier| continues to be owned by the caller, 88 // and must outlive any sockets spawned from this SSLServerContext. 89 // This field is meaningful only if client certificates are requested. 90 // If a verifier is not provided then all certificates are accepted. 91 raw_ptr<ClientCertVerifier> client_cert_verifier = nullptr; 92 93 // If set, causes the server to support the specified client certificate 94 // signature algorithms. 95 std::vector<uint16_t> client_cert_signature_algorithms; 96 97 // The list of application level protocols supported with ALPN (Application 98 // Layer Protocol Negotiation), in decreasing order of preference. Protocols 99 // will be advertised in this order during TLS handshake. 100 NextProtoVector alpn_protos; 101 102 // ALPS TLS extension is enabled and corresponding data is sent to client if 103 // client also enabled ALPS, for each NextProto in |application_settings|. 104 // Data might be empty. 105 base::flat_map<NextProto, std::vector<uint8_t>> application_settings; 106 107 // If non-empty, the DER-encoded OCSP response to staple. 108 std::vector<uint8_t> ocsp_response; 109 110 // If non-empty, the serialized SignedCertificateTimestampList to send in the 111 // handshake. 112 std::vector<uint8_t> signed_cert_timestamp_list; 113 114 // If specified, called at the start of each connection with the ClientHello. 115 // Returns true to continue the handshake and false to fail it. 116 base::RepeatingCallback<bool(const SSL_CLIENT_HELLO*)> 117 client_hello_callback_for_testing; 118 119 // If specified, causes the specified alert to be sent immediately after the 120 // handshake. 121 std::optional<uint8_t> alert_after_handshake_for_testing; 122 123 // This is a workaround for BoringSSL's scopers not being copyable. See 124 // https://crbug.com/boringssl/431. 125 class NET_EXPORT ECHKeysContainer { 126 public: 127 ECHKeysContainer(); 128 // Intentionally allow implicit conversion from bssl::UniquePtr. 129 ECHKeysContainer( // NOLINT(google-explicit-constructor) 130 bssl::UniquePtr<SSL_ECH_KEYS> keys); 131 ~ECHKeysContainer(); 132 133 ECHKeysContainer(const ECHKeysContainer& other); 134 ECHKeysContainer& operator=(const ECHKeysContainer& other); 135 136 // Forward APIs from bssl::UniquePtr. getSSLServerConfig137 SSL_ECH_KEYS* get() const { return keys_.get(); } 138 explicit operator bool() const { return static_cast<bool>(keys_); } 139 // This is defined out-of-line to avoid an ssl.h include. 140 void reset(SSL_ECH_KEYS* keys = nullptr); 141 142 private: 143 bssl::UniquePtr<SSL_ECH_KEYS> keys_; 144 }; 145 146 // If not nullptr, an ECH configuration to use on the server. 147 ECHKeysContainer ech_keys; 148 }; 149 150 } // namespace net 151 152 #endif // NET_SSL_SSL_SERVER_CONFIG_H_ 153