Disable the TLS version fallback.

This sets the default minimum TLS fallback version to TLS 1.2. The code is
retained for now to support a resurrected SSLVersionFallbackMin admin policy.
The policy is set to expire in Chrome 53, matching the timeline for the
previous fallback removal. As an escape hatch (but I don't expect to need it),
it's also connected to a field trial.

This also tweaks the fallback code. The TLS 1.0 fallback leg is now completely
gone (the admin policy expired) and ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION
hits have leveled off (see Net.ErrorCodesForMainFrame3), cap the fallback code
to TLS 1.1. We will no longer even try TLS 1.0 ClientHellos for the purposes of
showing the error code. This will decrease the amount of time it takes to show
an error page in some cases.

The ssl_version_fallback_min toggle is also tweaked to reject all values below
TLS 1.1, so that the resurrected admin policy cannot be used to set the value
at TLS 1.0 again. (Though it would be moot due to the above change.)

We'll also want to add a link to some to-be-written Help Center article on the
error page, but that'll be done separately after chatting with UI folks.

BUG=536200,583787

Review URL: https://codereview.chromium.org/1682623002

Cr-Commit-Position: refs/heads/master@{#377352}

9 files changed, 134 insertions, 98 deletions

diff --git a/chrome/browser/policy/policy_browsertest.cc b/chrome/browser/policy/policy_browsertest.cc
index 6eab46f..df2ca80 100644
--- a/chrome/browser/policy/policy_browsertest.cc
+++ b/chrome/browser/policy/policy_browsertest.cc
@@ -2729,12 +2729,12 @@ uint16_t GetSSLVersionFallbackMin(Profile* profile) {
 IN_PROC_BROWSER_TEST_F(PolicyTest, SSLVersionFallbackMin) {
   PrefService* prefs = g_browser_process->local_state();
 
-  const std::string new_value("tls1.2");
+  const std::string new_value("tls1.1");
   const std::string default_value(
       prefs->GetString(ssl_config::prefs::kSSLVersionFallbackMin));
 
   EXPECT_NE(default_value, new_value);
-  EXPECT_NE(net::SSL_PROTOCOL_VERSION_TLS1_2,
+  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2,
             GetSSLVersionFallbackMin(browser()->profile()));
 
   PolicyMap policies;
@@ -2746,7 +2746,7 @@ IN_PROC_BROWSER_TEST_F(PolicyTest, SSLVersionFallbackMin) {
                NULL);
   UpdateProviderPolicy(policies);
 
-  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2,
+  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1,
             GetSSLVersionFallbackMin(browser()->profile()));
 }
 
diff --git a/components/policy/resources/policy_templates.json b/components/policy/resources/policy_templates.json
index 7573cc2..b626efa 100644
--- a/components/policy/resources/policy_templates.json
+++ b/components/policy/resources/policy_templates.json
@@ -7836,18 +7836,12 @@
       'schema': {
         'type': 'string',
         'enum': [
-          'tls1',
           'tls1.1',
           'tls1.2',
         ],
       },
       'items': [
         {
-          'name': 'TLSv1',
-          'value': 'tls1',
-          'caption': 'TLS 1.0',
-        },
-        {
           'name': 'TLSv1.1',
           'value': 'tls1.1',
           'caption': 'TLS 1.1',
@@ -7859,10 +7853,10 @@
         },
       ],
       'supported_on': [
-        'chrome.*:45-47',
-        'chrome_os:45-47',
-        'android:45-47',
-        'ios:45-47',
+        'chrome.*:50-52',
+        'chrome_os:50-52',
+        'android:50-52',
+        'ios:50-52',
       ],
       'features': {
         'dynamic_refresh': True,
@@ -7871,16 +7865,14 @@
       'example_value': 'tls1.1',
       'id': 280,
       'caption': '''Minimum TLS version to fallback to''',
-      'tags': [],
-      'desc': '''Warning: The TLS 1.0 version fallback will be removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 47 (around January 2016) and the "tls1" option will stop working then.
-
-      When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
+      'tags': ['system-security'],
+      'desc': '''Warning: The TLS version fallback will be removed from <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> after version 52 (around September 2016) and this policy will stop working then.
 
-      If this policy is not configured then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> uses a default minimum version which is TLS 1.0 in <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> 44 and TLS 1.1 in later versions. Note this does not disable support for TLS 1.0, only whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly.
+      When a TLS handshake fails, <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> would previously retry the connection with a lesser version of TLS in order to work around bugs in HTTPS servers. This setting configures the version at which this fallback process will stop. If a server performs version negotiation correctly (i.e. without breaking the connection) then this setting doesn't apply. Regardless, the resulting connection must still comply with SSLVersionMin.
 
-      Otherwise it may be set to one of the following values: "tls1", "tls1.1" or "tls1.2". If compatibility with a buggy server must be maintained, this may be set to "tls1". This is a stopgap measure and the server should be rapidly fixed.
+      If this policy is not configured or if it is set to "tls1.2" then <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> no longer performs this fallback. Note this does not disable support for older TLS versions, only whether <ph name="PRODUCT_NAME">$1<ex>Google Chrome</ex></ph> will work around buggy servers which cannot negotiate versions correctly.
 
-      A setting of "tls1.2" disables all fallback but this may have a significant compatibility impact.''',
+      Otherwise, if compatibility with a buggy server must be maintained, this policy may be set to "tls1.1". This is a stopgap measure and the server should be rapidly fixed.''',
     },
     {
       'name': 'RC4Enabled',
diff --git a/components/ssl_config/ssl_config_service_manager_pref.cc b/components/ssl_config/ssl_config_service_manager_pref.cc
index 8d8cf5c..af1cd09 100644
--- a/components/ssl_config/ssl_config_service_manager_pref.cc
+++ b/components/ssl_config/ssl_config_service_manager_pref.cc
@@ -10,6 +10,7 @@
 #include <vector>
 
 #include "base/bind.h"
+#include "base/feature_list.h"
 #include "base/macros.h"
 #include "base/metrics/field_trial.h"
 #include "base/single_thread_task_runner.h"
@@ -88,6 +89,10 @@ bool IsRC4EnabledByDefault() {
   return base::StartsWith(group_name, "Enabled", base::CompareCase::SENSITIVE);
 }
 
+const base::Feature kSSLVersionFallbackTLSv11 {
+    "SSLVersionFallbackTLSv1.1", base::FEATURE_DISABLED_BY_DEFAULT,
+};
+
 }  // namespace
 
 ////////////////////////////////////////////////////////////////////////////////
@@ -197,6 +202,15 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
       ssl_config::prefs::kRC4Enabled,
       new base::FundamentalValue(IsRC4EnabledByDefault()));
 
+  // Restore the TLS 1.1 fallback leg if enabled via features.
+  // TODO(davidben): Remove this when the fallback removal has succeeded.
+  // https://crbug.com/536200.
+  if (base::FeatureList::IsEnabled(kSSLVersionFallbackTLSv11)) {
+    local_state->SetDefaultPrefValue(
+        ssl_config::prefs::kSSLVersionFallbackMin,
+        new base::StringValue(switches::kSSLVersionTLSv11));
+  }
+
   PrefChangeRegistrar::NamedChangeCallback local_state_callback =
       base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,
                  base::Unretained(this), local_state);
@@ -294,7 +308,9 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
     uint16_t supported_version_max = config->version_max;
     config->version_max = std::min(supported_version_max, version_max);
   }
-  if (version_fallback_min) {
+  // Values below TLS 1.1 are invalid.
+  if (version_fallback_min &&
+      version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {
     config->version_fallback_min = version_fallback_min;
   }
   config->disabled_cipher_suites = disabled_cipher_suites_;
diff --git a/components/ssl_config/ssl_config_service_manager_pref_unittest.cc b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
index 72b8818..c15e72b 100644
--- a/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
+++ b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
@@ -4,7 +4,11 @@
 
 #include "components/ssl_config/ssl_config_service_manager.h"
 
+#include <utility>
+
+#include "base/feature_list.h"
 #include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
 #include "base/message_loop/message_loop.h"
 #include "base/thread_task_runner_handle.h"
 #include "base/values.h"
@@ -173,3 +177,49 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) {
   // The command-line option must not have been honored.
   EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
 }
+
+// Tests that fallback beyond TLS 1.0 cannot be re-enabled.
+TEST_F(SSLConfigServiceManagerPrefTest, NoTLS1Fallback) {
+  scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
+
+  TestingPrefServiceSimple local_state;
+  local_state.SetUserPref(ssl_config::prefs::kSSLVersionFallbackMin,
+                          new base::StringValue("tls1"));
+  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+  scoped_ptr<SSLConfigServiceManager> config_manager(
+      SSLConfigServiceManager::CreateDefaultManager(
+          &local_state, base::ThreadTaskRunnerHandle::Get()));
+  ASSERT_TRUE(config_manager.get());
+  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+  ASSERT_TRUE(config_service.get());
+
+  SSLConfig ssl_config;
+  config_service->GetSSLConfig(&ssl_config);
+  // The command-line option must not have been honored.
+  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_fallback_min);
+}
+
+// Tests that the TLS 1.1 fallback may be re-enabled via features.
+TEST_F(SSLConfigServiceManagerPrefTest, TLSFallbackFeature) {
+  // Toggle the feature.
+  base::FeatureList::ClearInstanceForTesting();
+  scoped_ptr<base::FeatureList> feature_list(new base::FeatureList);
+  feature_list->InitializeFromCommandLine("SSLVersionFallbackTLSv1.1",
+                                          std::string());
+  base::FeatureList::SetInstance(std::move(feature_list));
+
+  TestingPrefServiceSimple local_state;
+  SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+  scoped_ptr<SSLConfigServiceManager> config_manager(
+      SSLConfigServiceManager::CreateDefaultManager(
+          &local_state, base::ThreadTaskRunnerHandle::Get()));
+  scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+  ASSERT_TRUE(config_service.get());
+
+  // The feature should have switched the default version_fallback_min value.
+  SSLConfig ssl_config;
+  config_service->GetSSLConfig(&ssl_config);
+  EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_fallback_min);
+}
diff --git a/components/ssl_config/ssl_config_switches.cc b/components/ssl_config/ssl_config_switches.cc
index 139593e..779149d 100644
--- a/components/ssl_config/ssl_config_switches.cc
+++ b/components/ssl_config/ssl_config_switches.cc
@@ -12,7 +12,7 @@ const char kSSLVersionMax[] = "ssl-version-max";
 // Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2").
 const char kSSLVersionMin[] = "ssl-version-min";
 
-// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
+// Specifies the minimum SSL/TLS version ("tls1.1" or "tls1.2") that
 // TLS fallback will accept.
 const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";
 
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index ea36dca..94361da 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -1437,61 +1437,31 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
     return OK;
   }
 
+  // TODO(davidben): Remove this code once the dedicated error code is no
+  // longer needed and the flags to re-enable the fallback expire.
   bool should_fallback = false;
   uint16_t version_max = server_ssl_config_.version_max;
 
   switch (error) {
+    // This could be a TLS-intolerant server or a server that chose a
+    // cipher suite defined only for higher protocol versions (such as
+    // an TLS 1.1 server that chose a TLS-1.2-only cipher suite).  Fall
+    // back to the next lower version and retry.
     case ERR_CONNECTION_CLOSED:
     case ERR_SSL_PROTOCOL_ERROR:
     case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
-      if (version_max >= SSL_PROTOCOL_VERSION_TLS1 &&
-          version_max > server_ssl_config_.version_min) {
-        // This could be a TLS-intolerant server or a server that chose a
-        // cipher suite defined only for higher protocol versions (such as
-        // an SSL 3.0 server that chose a TLS-only cipher suite).  Fall
-        // back to the next lower version and retry.
-        // NOTE: if the SSLClientSocket class doesn't support TLS 1.1,
-        // specifying TLS 1.1 in version_max will result in a TLS 1.0
-        // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply
-        // repeat the TLS 1.0 handshake. To avoid this problem, the default
-        // version_max should match the maximum protocol version supported
-        // by the SSLClientSocket class.
-        version_max--;
-
-        // Fallback to the lower SSL version.
-        // While SSL 3.0 fallback should be eliminated because of security
-        // reasons, there is a high risk of breaking the servers if this is
-        // done in general.
-        should_fallback = true;
-      }
-      break;
+    // Some servers trigger the TLS 1.1 fallback with ERR_CONNECTION_RESET
+    // (https://crbug.com/433406).
     case ERR_CONNECTION_RESET:
-      if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
-          version_max > server_ssl_config_.version_min) {
-        // Some network devices that inspect application-layer packets seem to
-        // inject TCP reset packets to break the connections when they see TLS
-        // 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
-        //
-        // Only allow ERR_CONNECTION_RESET to trigger a fallback from TLS 1.1 or
-        // 1.2. We don't lose much in this fallback because the explicit IV for
-        // CBC mode in TLS 1.1 is approximated by record splitting in TLS
-        // 1.0. The fallback will be more painful for TLS 1.2 when we have GCM
-        // support.
-        //
-        // ERR_CONNECTION_RESET is a common network error, so we don't want it
-        // to trigger a version fallback in general, especially the TLS 1.0 ->
-        // SSL 3.0 fallback, which would drop TLS extensions.
-        version_max--;
-        should_fallback = true;
-      }
-      break;
+    // This was added for the TLS 1.0 fallback (https://crbug.com/260358) which
+    // has since been removed, but other servers may be relying on it for the
+    // TLS 1.1 fallback. It will be removed with the remainder of the fallback.
     case ERR_SSL_BAD_RECORD_MAC_ALERT:
-      if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
+      // Fallback down to a TLS 1.1 ClientHello. By default, this is rejected
+      // but surfaces ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION to help diagnose
+      // server bugs.
+      if (version_max >= SSL_PROTOCOL_VERSION_TLS1_2 &&
           version_max > server_ssl_config_.version_min) {
-        // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or
-        // 1.2 ClientHello, but then return a bad_record_mac alert. See
-        // crbug.com/260358. In order to make the fallback as minimal as
-        // possible, this fallback is only triggered for >= TLS 1.1.
         version_max--;
         should_fallback = true;
       }
diff --git a/net/http/http_network_transaction_ssl_unittest.cc b/net/http/http_network_transaction_ssl_unittest.cc
index 84095cf..d856996 100644
--- a/net/http/http_network_transaction_ssl_unittest.cc
+++ b/net/http/http_network_transaction_ssl_unittest.cc
@@ -114,7 +114,7 @@ class HttpNetworkTransactionSSLTest : public testing::Test {
 };
 
 // Tests that HttpNetworkTransaction attempts to fallback from
-// TLS 1.2 to TLS 1.1, then from TLS 1.1 to TLS 1.0.
+// TLS 1.2 to TLS 1.1.
 TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) {
   ssl_config_service_ = new TLS12SSLConfigService;
   session_params_.ssl_config_service = ssl_config_service_.get();
@@ -133,19 +133,11 @@ TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) {
   StaticSocketDataProvider data2(NULL, 0, NULL, 0);
   mock_socket_factory_.AddSocketDataProvider(&data2);
 
-  // |ssl_data3| contains the handshake result for a TLS 1.0
-  // handshake which will be attempted after the TLS 1.1
-  // handshake fails.
-  SSLSocketDataProvider ssl_data3(ASYNC, ERR_SSL_PROTOCOL_ERROR);
-  mock_socket_factory_.AddSSLSocketDataProvider(&ssl_data3);
-  StaticSocketDataProvider data3(NULL, 0, NULL, 0);
-  mock_socket_factory_.AddSocketDataProvider(&data3);
-
   HttpNetworkSession session(session_params_);
   HttpNetworkTransaction trans(DEFAULT_PRIORITY, &session);
 
   TestCompletionCallback callback;
-  // This will consume |ssl_data1|, |ssl_data2| and |ssl_data3|.
+  // This will consume |ssl_data1| and |ssl_data2|.
   int rv =
       callback.GetResult(trans.Start(GetRequestInfo("https://www.paypal.com/"),
                                      callback.callback(), BoundNetLog()));
@@ -153,12 +145,12 @@ TEST_F(HttpNetworkTransactionSSLTest, SSLFallback) {
 
   SocketDataProviderArray<SocketDataProvider>& mock_data =
       mock_socket_factory_.mock_data();
-  // Confirms that |ssl_data1|, |ssl_data2| and |ssl_data3| are consumed.
-  EXPECT_EQ(3u, mock_data.next_index());
+  // Confirms that |ssl_data1| and |ssl_data2| are consumed.
+  EXPECT_EQ(2u, mock_data.next_index());
 
   SSLConfig& ssl_config = GetServerSSLConfig(&trans);
-  // |version_max| fallbacks to TLS 1.0.
-  EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_max);
+  // |version_max| falls back to TLS 1.1.
+  EXPECT_EQ(SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_max);
   EXPECT_TRUE(ssl_config.version_fallback);
 }
 
@@ -216,4 +208,3 @@ TEST_F(HttpNetworkTransactionSSLTest, TokenBinding) {
 #endif  // !defined(OS_IOS)
 
 }  // namespace net
-
diff --git a/net/ssl/ssl_config.cc b/net/ssl/ssl_config.cc
index e3ced67..be87ed0 100644
--- a/net/ssl/ssl_config.cc
+++ b/net/ssl/ssl_config.cc
@@ -12,7 +12,7 @@ const uint16_t kDefaultSSLVersionMin = SSL_PROTOCOL_VERSION_TLS1;
 
 const uint16_t kDefaultSSLVersionMax = SSL_PROTOCOL_VERSION_TLS1_2;
 
-const uint16_t kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1_1;
+const uint16_t kDefaultSSLVersionFallbackMin = SSL_PROTOCOL_VERSION_TLS1_2;
 
 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
 
diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc
index 55f5235..2b6f11f 100644
--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -8725,21 +8725,33 @@ TEST_F(HTTPSFallbackTest, TLSv1NoFallback) {
       SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1;
 
   ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
+  ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
+}
+
+// Tests the TLS 1.1 fallback doesn't happen but 1.2-intolerance is detected.
+TEST_F(HTTPSFallbackTest, TLSv1_1NoFallback) {
+  SpawnedTestServer::SSLOptions ssl_options(
+      SpawnedTestServer::SSLOptions::CERT_OK);
+  ssl_options.tls_intolerant =
+      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2;
+
+  ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
   ExpectFailure(ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION);
 }
 
-// Tests the TLS 1.1 fallback.
+// Tests the TLS 1.1 fallback when explicitly enabled.
 TEST_F(HTTPSFallbackTest, TLSv1_1Fallback) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
   ssl_options.tls_intolerant =
       SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2;
 
+  set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1);
   ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
   ExpectConnection(SSL_CONNECTION_VERSION_TLS1_1);
 }
 
-// Tests that the TLS 1.1 fallback triggers on closed connections.
+// Tests that the TLS 1.1 fallback, if enabled, triggers on closed connections.
 TEST_F(HTTPSFallbackTest, TLSv1_1FallbackClosed) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
@@ -8748,6 +8760,7 @@ TEST_F(HTTPSFallbackTest, TLSv1_1FallbackClosed) {
   ssl_options.tls_intolerance_type =
       SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE;
 
+  set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1);
   ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
   ExpectConnection(SSL_CONNECTION_VERSION_TLS1_1);
 }
@@ -8755,7 +8768,7 @@ TEST_F(HTTPSFallbackTest, TLSv1_1FallbackClosed) {
 // This test is disabled on Android because the remote test server doesn't cause
 // a TCP reset.
 #if !defined(OS_ANDROID)
-// Tests fallback to TLS 1.1 on connection reset.
+// Tests fallback to TLS 1.1, if enabled, on connection reset.
 TEST_F(HTTPSFallbackTest, TLSv1_1FallbackReset) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
@@ -8764,13 +8777,15 @@ TEST_F(HTTPSFallbackTest, TLSv1_1FallbackReset) {
   ssl_options.tls_intolerance_type =
       SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_RESET;
 
+  set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1);
   ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
   ExpectConnection(SSL_CONNECTION_VERSION_TLS1_1);
 }
 #endif  // !OS_ANDROID
 
-// Tests that we don't fallback on handshake failure with servers that implement
-// TLS_FALLBACK_SCSV. Also ensure that the original error code is reported.
+// Tests that we don't fallback, even if enabled, on handshake failure with
+// servers that implement TLS_FALLBACK_SCSV. Also ensure that the original error
+// code is reported.
 TEST_F(HTTPSFallbackTest, FallbackSCSV) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
@@ -8782,6 +8797,7 @@ TEST_F(HTTPSFallbackTest, FallbackSCSV) {
   // connections are rejected.
   ssl_options.fallback_scsv_enabled = true;
 
+  set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1);
   ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
 
   // ERR_SSL_VERSION_OR_CIPHER_MISMATCH is how the server simulates version
@@ -8791,8 +8807,9 @@ TEST_F(HTTPSFallbackTest, FallbackSCSV) {
   ExpectFailure(ERR_SSL_VERSION_OR_CIPHER_MISMATCH);
 }
 
-// Tests that we don't fallback on connection closed with servers that implement
-// TLS_FALLBACK_SCSV. Also ensure that the original error code is reported.
+// Tests that we don't fallback, even if enabled, on connection closed with
+// servers that implement TLS_FALLBACK_SCSV. Also ensure that the original error
+// code is reported.
 TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
@@ -8806,6 +8823,7 @@ TEST_F(HTTPSFallbackTest, FallbackSCSVClosed) {
   // connections are rejected.
   ssl_options.fallback_scsv_enabled = true;
 
+  set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1);
   ASSERT_NO_FATAL_FAILURE(DoFallbackTest(ssl_options));
 
   // The original error should be replayed on rejected fallback.
@@ -8817,7 +8835,7 @@ TEST_F(HTTPSRequestTest, FallbackProbeNoCache) {
   SpawnedTestServer::SSLOptions ssl_options(
       SpawnedTestServer::SSLOptions::CERT_OK);
   ssl_options.tls_intolerant =
-      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_1;
+      SpawnedTestServer::SSLOptions::TLS_INTOLERANT_TLS1_2;
   ssl_options.tls_intolerance_type =
       SpawnedTestServer::SSLOptions::TLS_INTOLERANCE_CLOSE;
   ssl_options.record_resume = true;
@@ -8830,14 +8848,13 @@ TEST_F(HTTPSRequestTest, FallbackProbeNoCache) {
 
   SSLClientSocket::ClearSessionCache();
 
-  // Make a connection that does a probe fallback to TLSv1 but fails because
-  // TLSv1 fallback is disabled. We don't wish a session for this connection to
-  // be inserted locally.
+  // Make a connection that does a probe fallback to TLSv1.1 but fails because
+  // fallback is disabled. We don't wish a session for this connection to be
+  // inserted locally.
   {
     TestDelegate delegate;
     FallbackTestURLRequestContext context(true);
 
-    context.set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_2);
     context.Init();
     scoped_ptr<URLRequest> request(context.CreateRequest(
         test_server.GetURL("/"), DEFAULT_PRIORITY, &delegate));
@@ -8852,11 +8869,11 @@ TEST_F(HTTPSRequestTest, FallbackProbeNoCache) {
               request->status().error());
   }
 
-  // Now allow TLSv1 fallback connections and request the session cache log.
+  // Now allow TLSv1.1 fallback connections and request the session cache log.
   {
     TestDelegate delegate;
     FallbackTestURLRequestContext context(true);
-    context.set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1);
+    context.set_fallback_min_version(SSL_PROTOCOL_VERSION_TLS1_1);
 
     context.Init();
     scoped_ptr<URLRequest> request(context.CreateRequest(
@@ -8868,7 +8885,7 @@ TEST_F(HTTPSRequestTest, FallbackProbeNoCache) {
     EXPECT_EQ(1, delegate.response_started_count());
     EXPECT_NE(0, delegate.bytes_received());
     EXPECT_EQ(
-        SSL_CONNECTION_VERSION_TLS1,
+        SSL_CONNECTION_VERSION_TLS1_1,
         SSLConnectionStatusToVersion(request->ssl_info().connection_status));
     EXPECT_TRUE(request->ssl_info().connection_status &
                 SSL_CONNECTION_VERSION_FALLBACK);