Reland of "Add Finch param to control TLS 1.3 Downgrade enforcement on known/unknown roots."
Using an explicit string in about_flags to avoid static initializer.
Bug: boringssl:226
Change-Id: I095c5060e903eb610576705acd760a535e55325e
Reviewed-on: https://chromium-review.googlesource.com/c/1335872
Commit-Queue: Steven Valdez <[email protected]>
Reviewed-by: David Benjamin <[email protected]>
Cr-Commit-Position: refs/heads/master@{#608092}diff --git a/chrome/browser/about_flags.cc b/chrome/browser/about_flags.cc
index 4360f405..9d371d1 100644
--- a/chrome/browser/about_flags.cc
+++ b/chrome/browser/about_flags.cc
@@ -789,6 +789,13 @@
switches::kTLS13VariantFinal},
};
+const FeatureEntry::FeatureParam kEnforceTLS13DowngradeKnownOnly[] = {
+ {"known_roots_only", "true"}};
+
+const FeatureEntry::FeatureVariation kEnforceTLS13DowngradeFeatureVariations[] =
+ {{"(Known Root Only)", kEnforceTLS13DowngradeKnownOnly,
+ base::size(kEnforceTLS13DowngradeKnownOnly), nullptr}};
+
#if !defined(OS_ANDROID)
const FeatureEntry::Choice kEnableAudioFocusChoices[] = {
{flag_descriptions::kEnableAudioFocusDisabled, "", ""},
@@ -2605,7 +2612,9 @@
MULTI_VALUE_TYPE(kTLS13VariantChoices)},
{"enforce-tls13-downgrade", flag_descriptions::kEnforceTLS13DowngradeName,
flag_descriptions::kEnforceTLS13DowngradeDescription, kOsAll,
- FEATURE_VALUE_TYPE(net::features::kEnforceTLS13Downgrade)},
+ FEATURE_WITH_PARAMS_VALUE_TYPE(net::features::kEnforceTLS13Downgrade,
+ kEnforceTLS13DowngradeFeatureVariations,
+ "EnforceTLS13Downgrade")},
{"enable-scroll-anchor-serialization",
flag_descriptions::kEnableScrollAnchorSerializationName,
flag_descriptions::kEnableScrollAnchorSerializationDescription, kOsAll,
