authorwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-30 17:48:54 +0000
committerwtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-11-30 17:48:54 +0000
commitcc50fdf70bc11e259c319d06086111d2177047be (patch)
treeae9e85b77d0c635ca4eedf43b3690826138c3823 /net/base
parent258ed9ed8f5c6de199d935647e9c0ffc7790797c (diff)
Remove SSL 2.0 support.
R=agl BUG=53659 TEST=none Review URL: http://codereview.chromium.org/4091005 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@67722 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/base')
-rw-r--r--net/base/ssl_config_service.cc3
-rw-r--r--net/base/ssl_config_service.h9
-rw-r--r--net/base/ssl_config_service_mac.cc14
-rw-r--r--net/base/ssl_config_service_mac.h1
-rw-r--r--net/base/ssl_config_service_mac_unittest.cc26
-rw-r--r--net/base/ssl_config_service_win.cc7
-rw-r--r--net/base/ssl_config_service_win.h1
-rw-r--r--net/base/ssl_config_service_win_unittest.cc36
8 files changed, 36 insertions, 61 deletions
diff --git a/net/base/ssl_config_service.cc b/net/base/ssl_config_service.cc
index c790277..9b0a903 100644
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -20,7 +20,7 @@ SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}
SSLConfig::CertAndStatus::~CertAndStatus() {}
SSLConfig::SSLConfig()
- : rev_checking_enabled(true), ssl2_enabled(false), ssl3_enabled(true),
+ : rev_checking_enabled(true), ssl3_enabled(true),
tls1_enabled(true), dnssec_enabled(false), snap_start_enabled(false),
dns_cert_provenance_checking_enabled(false),
mitm_proxies_allowed(false), false_start_enabled(true),
@@ -169,7 +169,6 @@ void SSLConfigService::RemoveObserver(Observer* observer) {
void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
const SSLConfig& new_config) {
if (orig_config.rev_checking_enabled != new_config.rev_checking_enabled ||
- orig_config.ssl2_enabled != new_config.ssl2_enabled ||
orig_config.ssl3_enabled != new_config.ssl3_enabled ||
orig_config.tls1_enabled != new_config.tls1_enabled) {
FOR_EACH_OBSERVER(Observer, observer_list_, OnSSLConfigChanged());
diff --git a/net/base/ssl_config_service.h b/net/base/ssl_config_service.h
index 0639f48..0f79656 100644
--- a/net/base/ssl_config_service.h
+++ b/net/base/ssl_config_service.h
@@ -1,4 +1,4 @@
-// Copyright (c) 2006-2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -18,13 +18,13 @@ namespace net {
// A collection of SSL-related configuration settings.
struct SSLConfig {
// Default to revocation checking.
- // Default to SSL 2.0 off, SSL 3.0 on, and TLS 1.0 on.
+ // Default to SSL 3.0 on and TLS 1.0 on.
SSLConfig();
~SSLConfig();
bool rev_checking_enabled; // True if server certificate revocation
// checking is enabled.
- bool ssl2_enabled; // True if SSL 2.0 is enabled.
+ // SSL 2.0 is not supported.
bool ssl3_enabled; // True if SSL 3.0 is enabled.
bool tls1_enabled; // True if TLS 1.0 is enabled.
bool dnssec_enabled; // True if we'll accept DNSSEC chains in certificates.
@@ -112,7 +112,6 @@ class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> {
// data in SSLConfig, just those that qualify as a user config change.
// The following settings are considered user changes:
// rev_checking_enabled
- // ssl2_enabled
// ssl3_enabled
// tls1_enabled
virtual void OnSSLConfigChanged() = 0;
@@ -181,7 +180,7 @@ class SSLConfigService : public base::RefCountedThreadSafe<SSLConfigService> {
virtual ~SSLConfigService();
// SetFlags sets the values of several flags based on global configuration.
- static void SetSSLConfigFlags(SSLConfig*);
+ static void SetSSLConfigFlags(SSLConfig* ssl_config);
// Process before/after config update.
void ProcessConfigUpdate(const SSLConfig& orig_config,
diff --git a/net/base/ssl_config_service_mac.cc b/net/base/ssl_config_service_mac.cc
index 148bba4..06f9555 100644
--- a/net/base/ssl_config_service_mac.cc
+++ b/net/base/ssl_config_service_mac.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -17,7 +17,6 @@ namespace {
static const int kConfigUpdateInterval = 10; // seconds
-static const bool kSSL2EnabledDefaultValue = false;
static const bool kSSL3EnabledDefaultValue = true;
static const bool kTLS1EnabledDefaultValue = true;
@@ -27,7 +26,6 @@ static CFStringRef kOCSPStyleKey = CFSTR("OCSPStyle");
static CFStringRef kCRLStyleKey = CFSTR("CRLStyle");
static CFStringRef kNoneRevocationValue = CFSTR("None");
static CFStringRef kBestAttemptRevocationValue = CFSTR("BestAttempt");
-static CFStringRef kSSL2EnabledKey = CFSTR("org.chromium.ssl.ssl2");
static CFStringRef kSSL3EnabledKey = CFSTR("org.chromium.ssl.ssl3");
static CFStringRef kTLS1EnabledKey = CFSTR("org.chromium.ssl.tls1");
@@ -89,8 +87,6 @@ bool SSLConfigServiceMac::GetSSLConfigNow(SSLConfig* config) {
config->rev_checking_enabled = (RevocationStyleIsEnabled(kOCSPStyleKey) ||
RevocationStyleIsEnabled(kCRLStyleKey));
- config->ssl2_enabled = SSLVersionIsEnabled(kSSL2EnabledKey,
- kSSL2EnabledDefaultValue);
config->ssl3_enabled = SSLVersionIsEnabled(kSSL3EnabledKey,
kSSL3EnabledDefaultValue);
config->tls1_enabled = SSLVersionIsEnabled(kTLS1EnabledKey,
@@ -103,14 +99,6 @@ bool SSLConfigServiceMac::GetSSLConfigNow(SSLConfig* config) {
}
// static
-void SSLConfigServiceMac::SetSSL2Enabled(bool enabled) {
- CFPreferencesSetAppValue(kSSL2EnabledKey,
- enabled ? kCFBooleanTrue : kCFBooleanFalse,
- kCFPreferencesCurrentApplication);
- CFPreferencesAppSynchronize(kCFPreferencesCurrentApplication);
-}
-
-// static
void SSLConfigServiceMac::SetSSL3Enabled(bool enabled) {
CFPreferencesSetAppValue(kSSL3EnabledKey,
enabled ? kCFBooleanTrue : kCFBooleanFalse,
diff --git a/net/base/ssl_config_service_mac.h b/net/base/ssl_config_service_mac.h
index 4524d95..2583e80 100644
--- a/net/base/ssl_config_service_mac.h
+++ b/net/base/ssl_config_service_mac.h
@@ -24,7 +24,6 @@ class SSLConfigServiceMac : public SSLConfigService {
// Setters. Can be called on any thread.
static void SetRevCheckingEnabled(bool enabled);
- static void SetSSL2Enabled(bool enabled);
static void SetSSL3Enabled(bool enabled);
static void SetTLS1Enabled(bool enabled);
diff --git a/net/base/ssl_config_service_mac_unittest.cc b/net/base/ssl_config_service_mac_unittest.cc
index c94f213..7134ad4 100644
--- a/net/base/ssl_config_service_mac_unittest.cc
+++ b/net/base/ssl_config_service_mac_unittest.cc
@@ -1,4 +1,4 @@
-// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
@@ -39,7 +39,6 @@ TEST(SSLConfigServiceMacTest, GetNowTest) {
// Verify that the constructor sets the correct default values.
net::SSLConfig config;
EXPECT_TRUE(config.rev_checking_enabled);
- EXPECT_FALSE(config.ssl2_enabled);
EXPECT_TRUE(config.ssl3_enabled);
EXPECT_TRUE(config.tls1_enabled);
@@ -69,19 +68,6 @@ TEST(SSLConfigServiceMacTest, SetTest) {
net::SSLConfigServiceMac::SetRevCheckingEnabled(
config_save.rev_checking_enabled);
- // Test SetSSL2Enabled.
- net::SSLConfigServiceMac::SetSSL2Enabled(true);
- rv = net::SSLConfigServiceMac::GetSSLConfigNow(&config);
- EXPECT_TRUE(rv);
- EXPECT_TRUE(config.ssl2_enabled);
-
- net::SSLConfigServiceMac::SetSSL2Enabled(false);
- rv = net::SSLConfigServiceMac::GetSSLConfigNow(&config);
- EXPECT_TRUE(rv);
- EXPECT_FALSE(config.ssl2_enabled);
-
- net::SSLConfigServiceMac::SetSSL2Enabled(config_save.ssl2_enabled);
-
// Test SetSSL3Enabled.
net::SSLConfigServiceMac::SetSSL3Enabled(true);
rv = net::SSLConfigServiceMac::GetSSLConfigNow(&config);
@@ -147,15 +133,15 @@ TEST(SSLConfigServiceMacTest, ObserverTest) {
EXPECT_TRUE(rv);
net::SSLConfig config;
- net::SSLConfigServiceMac::SetSSL2Enabled(false);
+ net::SSLConfigServiceMac::SetSSL3Enabled(false);
config_service->GetSSLConfigAt(&config, now);
// Add an observer.
SSLConfigServiceMacObserver observer;
config_service->AddObserver(&observer);
- // Toggle SSL2.
- net::SSLConfigServiceMac::SetSSL2Enabled(!config_save.ssl2_enabled);
+ // Toggle SSL3.
+ net::SSLConfigServiceMac::SetSSL3Enabled(!config_save.ssl3_enabled);
config_service->GetSSLConfigAt(&config, later);
// Verify that the observer was notified.
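Review bot: The setup call `SetSSL3Enabled(false)` and the later toggle `SetSSL3Enabled(!config_save.ssl3_enabled)` write the same value whenever the saved setting is enabled, and enabled is the default shown by `kSSL3EnabledDefaultValue`. With SSL 2.0 the saved default was off, so the pair was a real off-to-on transition; after the mechanical swap the notification appears to depend on what the service had cached before the setup call, which this hunk does not show. Making the setup explicit, `net::SSLConfigServiceMac::SetSSL3Enabled(config_save.ssl3_enabled);`, keeps the test a genuine toggle for either saved value. The same pattern is in the ObserverTest hunk of ssl_config_service_win_unittest.cc, and the test body starts and ends outside this hunk.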
@@ -164,7 +150,7 @@ TEST(SSLConfigServiceMacTest, ObserverTest) {
// Remove the observer.
config_service->RemoveObserver(&observer);
- // Restore the original SSL2 setting.
- net::SSLConfigServiceMac::SetSSL2Enabled(config_save.ssl2_enabled);
+ // Restore the original SSL3 setting.
+ net::SSLConfigServiceMac::SetSSL3Enabled(config_save.ssl3_enabled);
}
diff --git a/net/base/ssl_config_service_win.cc b/net/base/ssl_config_service_win.cc
index d4153c3..2f0fad7 100644
--- a/net/base/ssl_config_service_win.cc
+++ b/net/base/ssl_config_service_win.cc
@@ -29,7 +29,6 @@ static const wchar_t kProtocolsValueName[] = L"SecureProtocols";
// The bits are OR'ed to form the DWORD value. So 0xa0 means SSL 3.0 and
// TLS 1.0.
enum {
- SSL2 = 0x08,
SSL3 = 0x20,
TLS1 = 0x80
};
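Review bot: Nothing in the enum records that bit 0x08 of the `SecureProtocols` DWORD still exists and is now deliberately ignored. A stored value that has the SSL 2.0 bit set will keep it, and a later reader could take the mask for incomplete and add the enumerator back. I would add a comment above the enumerators such as `// 0x08 (SSL 2.0) may still be set in the stored value; it is intentionally ignored.` It is also worth confirming that SetSSLVersionEnabled, which is outside this hunk, leaves that bit untouched when it writes the other two.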
@@ -77,7 +76,6 @@ bool SSLConfigServiceWin::GetSSLConfigNow(SSLConfig* config) {
protocols = PROTOCOLS_DEFAULT;
config->rev_checking_enabled = (revocation != 0);
- config->ssl2_enabled = ((protocols & SSL2) != 0);
config->ssl3_enabled = ((protocols & SSL3) != 0);
config->tls1_enabled = ((protocols & TLS1) != 0);
SSLConfigService::SetSSLConfigFlags(config);
@@ -105,11 +103,6 @@ void SSLConfigServiceWin::SetRevCheckingEnabled(bool enabled) {
}
// static
-void SSLConfigServiceWin::SetSSL2Enabled(bool enabled) {
- SetSSLVersionEnabled(SSL2, enabled);
-}
-
-// static
void SSLConfigServiceWin::SetSSL3Enabled(bool enabled) {
SetSSLVersionEnabled(SSL3, enabled);
}
diff --git a/net/base/ssl_config_service_win.h b/net/base/ssl_config_service_win.h
index e5eb862..6d5b29f 100644
--- a/net/base/ssl_config_service_win.h
+++ b/net/base/ssl_config_service_win.h
@@ -29,7 +29,6 @@ class SSLConfigServiceWin : public SSLConfigService {
// Setters. Can be called on any thread.
static void SetRevCheckingEnabled(bool enabled);
- static void SetSSL2Enabled(bool enabled);
static void SetSSL3Enabled(bool enabled);
static void SetTLS1Enabled(bool enabled);
diff --git a/net/base/ssl_config_service_win_unittest.cc b/net/base/ssl_config_service_win_unittest.cc
index 1db4cef..09e5953 100644
--- a/net/base/ssl_config_service_win_unittest.cc
+++ b/net/base/ssl_config_service_win_unittest.cc
@@ -39,7 +39,6 @@ TEST(SSLConfigServiceWinTest, GetNowTest) {
// Verify that the constructor sets the correct default values.
net::SSLConfig config;
EXPECT_EQ(true, config.rev_checking_enabled);
- EXPECT_EQ(false, config.ssl2_enabled);
EXPECT_EQ(true, config.ssl3_enabled);
EXPECT_EQ(true, config.tls1_enabled);
@@ -69,18 +68,31 @@ TEST(SSLConfigServiceWinTest, SetTest) {
net::SSLConfigServiceWin::SetRevCheckingEnabled(
config_save.rev_checking_enabled);
- // Test SetSSL2Enabled.
- net::SSLConfigServiceWin::SetSSL2Enabled(true);
+ // Test SetSSL3Enabled.
+ net::SSLConfigServiceWin::SetSSL3Enabled(true);
rv = net::SSLConfigServiceWin::GetSSLConfigNow(&config);
EXPECT_TRUE(rv);
- EXPECT_TRUE(config.ssl2_enabled);
+ EXPECT_TRUE(config.ssl3_enabled);
- net::SSLConfigServiceWin::SetSSL2Enabled(false);
+ net::SSLConfigServiceWin::SetSSL3Enabled(false);
rv = net::SSLConfigServiceWin::GetSSLConfigNow(&config);
EXPECT_TRUE(rv);
- EXPECT_FALSE(config.ssl2_enabled);
+ EXPECT_FALSE(config.ssl3_enabled);
- net::SSLConfigServiceWin::SetSSL2Enabled(config_save.ssl2_enabled);
+ net::SSLConfigServiceWin::SetSSL3Enabled(config_save.ssl3_enabled);
+
+ // Test SetTLS1Enabled.
+ net::SSLConfigServiceWin::SetTLS1Enabled(true);
+ rv = net::SSLConfigServiceWin::GetSSLConfigNow(&config);
+ EXPECT_TRUE(rv);
+ EXPECT_TRUE(config.tls1_enabled);
+
+ net::SSLConfigServiceWin::SetTLS1Enabled(false);
+ rv = net::SSLConfigServiceWin::GetSSLConfigNow(&config);
+ EXPECT_TRUE(rv);
+ EXPECT_FALSE(config.tls1_enabled);
+
+ net::SSLConfigServiceWin::SetTLS1Enabled(config_save.tls1_enabled);
// Test SetSSL3Enabled.
net::SSLConfigServiceWin::SetSSL3Enabled(true);
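Review bot: SetTest now exercises the SSL 3.0 round trip twice, because the added `// Test SetSSL3Enabled.` block is followed directly by unchanged context that begins with the same comment and the same `SetSSL3Enabled(true)` call. The Mac unit test in this commit simply deletes the SSL 2.0 block, and doing the same here would keep the two platform tests parallel. If a SetTLS1Enabled block also follows outside the hunk, the added one duplicates it as well. Each extra pass presumably rewrites the stored protocol setting again before restoring it, so the duplication widens the window in which an aborted run leaves the setting changed.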
@@ -147,15 +159,15 @@ TEST(SSLConfigServiceWinTest, ObserverTest) {
EXPECT_TRUE(rv);
net::SSLConfig config;
- net::SSLConfigServiceWin::SetSSL2Enabled(false);
+ net::SSLConfigServiceWin::SetSSL3Enabled(false);
config_service->GetSSLConfigAt(&config, now);
// Add an observer.
SSLConfigServiceWinObserver observer;
config_service->AddObserver(&observer);
- // Toggle SSL2.
- net::SSLConfigServiceWin::SetSSL2Enabled(!config_save.ssl2_enabled);
+ // Toggle SSL3.
+ net::SSLConfigServiceWin::SetSSL3Enabled(!config_save.ssl3_enabled);
config_service->GetSSLConfigAt(&config, later);
// Verify that the observer was notified.
@@ -164,7 +176,7 @@ TEST(SSLConfigServiceWinTest, ObserverTest) {
// Remove the observer.
config_service->RemoveObserver(&observer);
- // Restore the original SSL2 setting.
- net::SSLConfigServiceWin::SetSSL2Enabled(config_save.ssl2_enabled);
+ // Restore the original SSL3 setting.
+ net::SSLConfigServiceWin::SetSSL3Enabled(config_save.ssl3_enabled);
}