authordavidben <davidben@chromium.org>2016-02-24 11:46:55 -0800
committerCommit bot <commit-bot@chromium.org>2016-02-24 19:47:59 +0000
commit3b26751ff0ac3ca5d1377616b55d0284673dc232 (patch)
tree1fd5e8ee41a78fe4504e0daf499274347e746016 /components/ssl_config
parent46a4d54168926d0a932397b9159705b1ffc8a5c5 (diff)
Disable the TLS version fallback.
This sets the default minimum TLS fallback version to TLS 1.2. The code is retained for now to support a resurrected SSLVersionFallbackMin admin policy. The policy is set to expire in Chrome 53, matching the timeline for the previous fallback removal. As an escape hatch (but I don't expect to need it), it's also connected to a field trial. This also tweaks the fallback code. Since the TLS 1.0 fallback leg is now completely gone (the admin policy expired) and ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION hits have leveled off (see Net.ErrorCodesForMainFrame3), the fallback code is capped at TLS 1.1. We will no longer even try TLS 1.0 ClientHellos for the purposes of showing the error code. This will decrease the amount of time it takes to show an error page in some cases. The ssl_version_fallback_min toggle is also tweaked to reject all values below TLS 1.1, so that the resurrected admin policy cannot be used to set the value at TLS 1.0 again. (Though it would be moot due to the above change.) We'll also want to add a link to some to-be-written Help Center article on the error page, but that'll be done separately after chatting with UI folks. BUG=536200,583787 Review URL: https://codereview.chromium.org/1682623002 Cr-Commit-Position: refs/heads/master@{#377352}
Diffstat (limited to 'components/ssl_config')
-rw-r--r--components/ssl_config/ssl_config_service_manager_pref.cc18
-rw-r--r--components/ssl_config/ssl_config_service_manager_pref_unittest.cc50
-rw-r--r--components/ssl_config/ssl_config_switches.cc2
3 files changed, 68 insertions, 2 deletions
diff --git a/components/ssl_config/ssl_config_service_manager_pref.cc b/components/ssl_config/ssl_config_service_manager_pref.cc
index 8d8cf5c..af1cd09 100644
--- a/components/ssl_config/ssl_config_service_manager_pref.cc
+++ b/components/ssl_config/ssl_config_service_manager_pref.cc
@@ -10,6 +10,7 @@
#include <vector>
#include "base/bind.h"
+#include "base/feature_list.h"
#include "base/macros.h"
#include "base/metrics/field_trial.h"
#include "base/single_thread_task_runner.h"
@@ -88,6 +89,10 @@ bool IsRC4EnabledByDefault() {
return base::StartsWith(group_name, "Enabled", base::CompareCase::SENSITIVE);
}
+const base::Feature kSSLVersionFallbackTLSv11 {
+ "SSLVersionFallbackTLSv1.1", base::FEATURE_DISABLED_BY_DEFAULT,
+};
+
} // namespace
////////////////////////////////////////////////////////////////////////////////
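Review bot: kSSLVersionFallbackTLSv11 is defined without any comment saying what it gates or when it is meant to go away, while the only explanation lives at the use site in the constructor hunk further down this file. Anyone finding the feature through a field-trial config will land here first, so the lifetime and the security effect of flipping it belong on the definition. I'd add above it: `// Escape hatch: when enabled, the default minimum fallback version drops from TLS 1.2 to TLS 1.1. Remove together with the fallback code (https://crbug.com/536200).` The anonymous namespace this sits in is closed on the last context line of the hunk, so the definition itself is complete here.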
@@ -197,6 +202,15 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
ssl_config::prefs::kRC4Enabled,
new base::FundamentalValue(IsRC4EnabledByDefault()));
+ // Restore the TLS 1.1 fallback leg if enabled via features.
+ // TODO(davidben): Remove this when the fallback removal has succeeded.
+ // https://crbug.com/536200.
+ if (base::FeatureList::IsEnabled(kSSLVersionFallbackTLSv11)) {
+ local_state->SetDefaultPrefValue(
+ ssl_config::prefs::kSSLVersionFallbackMin,
+ new base::StringValue(switches::kSSLVersionTLSv11));
+ }
+
PrefChangeRegistrar::NamedChangeCallback local_state_callback =
base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,
base::Unretained(this), local_state);
@@ -294,7 +308,9 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
uint16_t supported_version_max = config->version_max;
config->version_max = std::min(supported_version_max, version_max);
}
- if (version_fallback_min) {
+ // Values below TLS 1.1 are invalid.
+ if (version_fallback_min &&
+ version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {
config->version_fallback_min = version_fallback_min;
}
config->disabled_cipher_suites = disabled_cipher_suites_;
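Review bot: The new guard drops any version_fallback_min below TLS 1.1 silently, so an administrator who sets SSLVersionFallbackMin (or --ssl-version-fallback-min) to "tls1" ends up on the TLS 1.2 default with nothing in the logs to say the value was refused; that makes the policy look broken rather than deliberately capped. The comment `// Values below TLS 1.1 are invalid.` also understates the intent, which the commit message gives as blocking the resurrected policy from re-enabling TLS 1.0. I'd change it to `// Values below TLS 1.1 are rejected so that SSLVersionFallbackMin and` / `// --ssl-version-fallback-min cannot re-enable the TLS 1.0 fallback leg.` and, if this file already includes base/logging.h (not visible in the hunk), emit a warning naming the ignored value in the rejected branch. GetSSLConfigFromPrefs begins outside the hunk, so where version_fallback_min is parsed is not visible here.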
diff --git a/components/ssl_config/ssl_config_service_manager_pref_unittest.cc b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
index 72b8818..c15e72b 100644
--- a/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
+++ b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc
@@ -4,7 +4,11 @@
#include "components/ssl_config/ssl_config_service_manager.h"
+#include <utility>
+
+#include "base/feature_list.h"
#include "base/memory/ref_counted.h"
+#include "base/memory/scoped_ptr.h"
#include "base/message_loop/message_loop.h"
#include "base/thread_task_runner_handle.h"
#include "base/values.h"
@@ -173,3 +177,49 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) {
// The command-line option must not have been honored.
EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
}
+
+// Tests that fallback beyond TLS 1.0 cannot be re-enabled.
+TEST_F(SSLConfigServiceManagerPrefTest, NoTLS1Fallback) {
+ scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
+
+ TestingPrefServiceSimple local_state;
+ local_state.SetUserPref(ssl_config::prefs::kSSLVersionFallbackMin,
+ new base::StringValue("tls1"));
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ &local_state, base::ThreadTaskRunnerHandle::Get()));
+ ASSERT_TRUE(config_manager.get());
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ SSLConfig ssl_config;
+ config_service->GetSSLConfig(&ssl_config);
+ // The command-line option must not have been honored.
+ EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_fallback_min);
+}
+
+// Tests that the TLS 1.1 fallback may be re-enabled via features.
+TEST_F(SSLConfigServiceManagerPrefTest, TLSFallbackFeature) {
+ // Toggle the feature.
+ base::FeatureList::ClearInstanceForTesting();
+ scoped_ptr<base::FeatureList> feature_list(new base::FeatureList);
+ feature_list->InitializeFromCommandLine("SSLVersionFallbackTLSv1.1",
+ std::string());
+ base::FeatureList::SetInstance(std::move(feature_list));
+
+ TestingPrefServiceSimple local_state;
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry());
+
+ scoped_ptr<SSLConfigServiceManager> config_manager(
+ SSLConfigServiceManager::CreateDefaultManager(
+ &local_state, base::ThreadTaskRunnerHandle::Get()));
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get());
+ ASSERT_TRUE(config_service.get());
+
+ // The feature should have switched the default version_fallback_min value.
+ SSLConfig ssl_config;
+ config_service->GetSSLConfig(&ssl_config);
+ EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_fallback_min);
+}
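Review bot: The comment on the EXPECT_EQ in NoTLS1Fallback, `// The command-line option must not have been honored.`, is carried over from the NoSSL3 test above but this test sets a user pref, not a switch; it should read `// The pref value below TLS 1.1 must not have been honored.`. In the same test, local_state_store is constructed and never used within the hunk, so the scoped_refptr line looks like a leftover and can be dropped. TLSFallbackFeature installs a process-global FeatureList via SetInstance and does not reset it when the test ends; unless the fixture (defined outside this hunk) clears it, the enabled feature can leak into later tests in the binary and change their default version_fallback_min, so I'd pair the SetInstance with a ClearInstanceForTesting at the end of the test.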
diff --git a/components/ssl_config/ssl_config_switches.cc b/components/ssl_config/ssl_config_switches.cc
index 139593e..779149d 100644
--- a/components/ssl_config/ssl_config_switches.cc
+++ b/components/ssl_config/ssl_config_switches.cc
@@ -12,7 +12,7 @@ const char kSSLVersionMax[] = "ssl-version-max";
// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2").
const char kSSLVersionMin[] = "ssl-version-min";
-// Specifies the minimum SSL/TLS version ("tls1", "tls1.1", or "tls1.2") that
+// Specifies the minimum SSL/TLS version ("tls1.1" or "tls1.2") that
// TLS fallback will accept.
const char kSSLVersionFallbackMin[] = "ssl-version-fallback-min";