Use TLS 1.1.

Enable SSL 3.0 ~ TLS 1.1 by default. If the SSLClientSocket class does
not support TLS 1.1, enable SSL 3.0 ~ TLS 1.0 by default.

TLS intolerant servers are handled by falling back to the next lower
protocol version at a time, rather than falling back to SSL 3.0 directly.

In the SSLConfig structure, replace the ssl3_enabled and tls1_enabled
members by version_min and version_max to allow multiple, contiguous
protocol versions to be enabled, and rename the ssl3_fallback member to
version_fallback.

The preferences prefs::kSSL3Enabled and prefs::kTLS1Enabled are not
yet removed. Generalize prefs::kTLS1Enabled to mean enabling or
disabling all TLS versions.

R=agl@chromium.org,rsleevi@chromium.org
BUG=126340
TEST=net_unittests --gtest_filter=HTTPSRequestTest.TLSv1Fallback

Review URL: https://chromiumcodereview.appspot.com/10377022

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139204 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 3 insertions, 3 deletions

diff --git a/net/base/ssl_connection_status_flags.h b/net/base/ssl_connection_status_flags.h
index 9596f00..bf349ce 100644
--- a/net/base/ssl_connection_status_flags.h
+++ b/net/base/ssl_connection_status_flags.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
@@ -18,8 +18,8 @@ enum {
   SSL_CONNECTION_COMPRESSION_SHIFT = 16,
   SSL_CONNECTION_COMPRESSION_MASK = 3,
 
-  // We fell back to SSLv3 for this connection.
-  SSL_CONNECTION_SSL3_FALLBACK = 1 << 18,
+  // We fell back to an older protocol version for this connection.
+  SSL_CONNECTION_VERSION_FALLBACK = 1 << 18,
 
   // The server doesn't support the renegotiation_info extension. If this bit
   // is not set then either the extension isn't supported, or we don't have any