Commit e3015922 authored by David Benjamin, committed by Commit Bot

Update TLS13HardeningForLocalAnchorsEnabled to reflect the new default

The default was changed in
https://chromium-review.googlesource.com/c/chromium/src/+/1965952, but I
forgot the admin policy documentation also needs updating.

Bug: 996894
Change-Id: Ib6ddd9a91e0812662a46125c377ab7486180c447
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1974578
Commit-Queue: David Benjamin <davidben@chromium.org>
Auto-Submit: David Benjamin <davidben@chromium.org>
Reviewed-by: Julian Pastarmov <pastarmovj@chromium.org>
Cr-Commit-Position: refs/heads/master@{#726432}
parent c5454b91
......@@ -18773,13 +18773,11 @@
'tags': ['system-security'],
'desc': '''This policy controls a security feature in TLS 1.3 which protects connections against downgrade attacks. It is backwards-compatible and will not affect connections to compliant TLS 1.2 servers or proxies. However, older versions of some TLS-intercepting proxies have an implementation flaw which causes them to be incompatible.
If this policy is set to True, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will enable these security protections for all connections.
If this policy is set to True or not set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will enable these security protections for all connections.
If this policy is set to False or not set, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will disable these security protections for connections authenticated with locally-installed CA certificates. These protections are always enabled for connections authenticated with publicly-trusted CA certificates.
If this policy is set to False, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will disable these security protections for connections authenticated with locally-installed CA certificates. These protections are always enabled for connections authenticated with publicly-trusted CA certificates.
This policy may be used to test for any affected proxies and upgrade them. Affected proxies are expected to fail connections with an error code of ERR_TLS13_DOWNGRADE_DETECTED. A later version of <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will enable this option by default.
After it is enabled by default, administrators who need more time to upgrade affected proxies may use this policy to temporarily disable this security feature. This policy will be removed after version 85.
The default value for this policy was changed in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 81 from false to true. Affected proxies are expected to fail connections with an error code of ERR_TLS13_DOWNGRADE_DETECTED. Administrators who need more time to upgrade affected proxies may use this policy to temporarily disable this security feature. This policy will be removed after version 85.
'''
},
{
......
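Review bot: The new closing paragraph of 'desc' writes the values as "from false to true", while the sentences above it in the same description write the policy values as True and False; capitalize them here as well ("from False to True") so the admin documentation refers to the values one way throughout. The same paragraph names the default change as happening in version 81 and the removal after version 85, so it would help to keep those two version numbers in sync with any 'supported_on' or deprecation metadata for this policy entry, which is not visible in this hunk.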