author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-19 19:51:14 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2012-07-19 19:51:14 +0000 |
commit | 448d2b6d3495fed8992271bf81d6bb14fd73b334 (patch) | |
tree | 8f274fd835fdc2b25e65daf12686f206a20df7ed | |
parent | 47d963a95d2e0741ea7a3a3baf79638c1bdd9b2e (diff) | |
Reland 141941 - Allow ERR_CONNECTION_RESET during the SSL handshake to trigger a
TLS 1.1 -> TLS 1.0 fallback.
R=agl@chromium.org,rsleevi@chromium.org
BUG=130293,126340
TEST=none
Review URL: https://chromiumcodereview.appspot.com/10493003
TBR=wtc@chromium.org
Review URL: https://chromiumcodereview.appspot.com/10815012
git-svn-id: svn://svn.chromium.org/chrome/branches/1180/src@147512 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index d60547f..32e70f8 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -2050,6 +2050,23 @@ int SSLClientSocketNSS::Core::DoHandshake() {
 PRErrorCode prerr = PR_GetError();
 net_error = HandleNSSError(prerr, true);
+ // Some network devices that inspect application-layer packets seem to
+ // inject TCP reset packets to break the connections when they see
+ // TLS 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
+ //
+ // Only allow ERR_CONNECTION_RESET to trigger a TLS 1.1 -> TLS 1.0
+ // fallback. We don't lose much in this fallback because the explicit
+ // IV for CBC mode in TLS 1.1 is approximated by record splitting in
+ // TLS 1.0.
+ //
+ // ERR_CONNECTION_RESET is a common network error, so we don't want it
+ // to trigger a version fallback in general, especially the TLS 1.0 ->
+ // SSL 3.0 fallback, which would drop TLS extensions.
+ if (prerr == PR_CONNECT_RESET_ERROR &&
+ ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) {
+ net_error = ERR_SSL_PROTOCOL_ERROR;
+ }
+
 // If not done, stay in this state
 if (net_error == ERR_IO_PENDING) {
 GotoState(STATE_HANDSHAKE);
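Review bot: The new `if (prerr == PR_CONNECT_RESET_ERROR && ...)` block turns an unauthenticated TCP reset into a version-fallback trigger, and the comment explains the middlebox motivation but not that this is, by construction, a downgrade any party able to reset the connection can induce; the bound to TLS 1.1 -> TLS 1.0 is the only thing keeping that acceptable, and the comment should say so explicitly so the condition is not later widened, e.g. `// A reset is unauthenticated, so this fallback is deliberately attacker-triggerable; never extend it below TLS 1.0.`. The rewrite also discards the original ERR_CONNECTION_RESET, so a genuine reset during the handshake will surface as ERR_SSL_PROTOCOL_ERROR in logs and error pages; consider noting that, or recording `prerr` before it is overwritten if a NetLog event is available in this class. Whether a configured `version_min` of TLS 1.1 blocks the resulting fallback is decided by the caller and is not visible in this hunk. DoHandshake starts and ends outside the hunk.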