1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
6 #define NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_
8 #include "base/logging.h"
9 #include "base/macros.h"
13 // Status flags for SSLInfo::connection_status.
15 // The lower 16 bits are reserved for the TLS ciphersuite id.
16 SSL_CONNECTION_CIPHERSUITE_MASK
= 0xffff,
18 // The next two bits are reserved for the compression used.
19 SSL_CONNECTION_COMPRESSION_SHIFT
= 16,
20 SSL_CONNECTION_COMPRESSION_MASK
= 3,
22 // We fell back to an older protocol version for this connection.
23 SSL_CONNECTION_VERSION_FALLBACK
= 1 << 18,
25 // The server doesn't support the renegotiation_info extension. If this bit
26 // is not set then either the extension isn't supported, or we don't have any
27 // knowledge either way. (The latter case will occur when we use an SSL
28 // library that doesn't report it, like SChannel.)
29 SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION
= 1 << 19,
31 // The next three bits are reserved for the SSL version.
32 SSL_CONNECTION_VERSION_SHIFT
= 20,
33 SSL_CONNECTION_VERSION_MASK
= 7,
35 // 1 << 31 (the sign bit) is reserved so that the SSL connection status will
39 // NOTE: the SSL version enum constants must be between 0 and
40 // SSL_CONNECTION_VERSION_MASK, inclusive. These values are persisted to disk
41 // and used in UMA, so they must remain stable.
43 SSL_CONNECTION_VERSION_UNKNOWN
= 0, // Unknown SSL version.
44 SSL_CONNECTION_VERSION_SSL2
= 1,
45 SSL_CONNECTION_VERSION_SSL3
= 2,
46 SSL_CONNECTION_VERSION_TLS1
= 3,
47 SSL_CONNECTION_VERSION_TLS1_1
= 4,
48 SSL_CONNECTION_VERSION_TLS1_2
= 5,
49 // Reserve 6 for TLS 1.3.
50 SSL_CONNECTION_VERSION_QUIC
= 7,
51 SSL_CONNECTION_VERSION_MAX
,
53 static_assert(SSL_CONNECTION_VERSION_MAX
- 1 <= SSL_CONNECTION_VERSION_MASK
,
54 "SSL_CONNECTION_VERSION_MASK too small");
56 inline uint16
SSLConnectionStatusToCipherSuite(int connection_status
) {
57 return static_cast<uint16
>(connection_status
);
60 inline int SSLConnectionStatusToVersion(int connection_status
) {
61 return (connection_status
>> SSL_CONNECTION_VERSION_SHIFT
) &
62 SSL_CONNECTION_VERSION_MASK
;
65 inline void SSLConnectionStatusSetCipherSuite(uint16 cipher_suite
,
66 int* connection_status
) {
67 // Clear out the old ciphersuite.
68 *connection_status
&= ~SSL_CONNECTION_CIPHERSUITE_MASK
;
69 // Set the new ciphersuite.
70 *connection_status
|= cipher_suite
;
73 inline void SSLConnectionStatusSetVersion(int version
, int* connection_status
) {
74 DCHECK_GT(version
, 0);
75 DCHECK_LT(version
, SSL_CONNECTION_VERSION_MAX
);
77 // Clear out the old version.
79 ~(SSL_CONNECTION_VERSION_MASK
<< SSL_CONNECTION_VERSION_SHIFT
);
80 // Set the new version.
82 ((version
& SSL_CONNECTION_VERSION_MASK
) << SSL_CONNECTION_VERSION_SHIFT
);
87 #endif // NET_SSL_SSL_CONNECTION_STATUS_FLAGS_H_