The Schannel considers some cipher suites (e.g., the

AES cipher suites) to be TLS only, and won't allow
them to be used in SSL 3.0.  If an SSL 3.0 server
picks such a cipher suite, we need to handle it as
if it were TLS intolerant by turning off TLS and
retrying.

R=darin
BUG=3203,3001
Review URL: http://codereview.chromium.org/7242

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@3295 0039d316-1c4b-4281-b951-d872f2087c98

2 files changed, 24 insertions, 13 deletions

diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 3ee086c..9d2c398 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -496,10 +496,10 @@ int HttpNetworkTransaction::DoConnectComplete(int result) {
     next_state_ = STATE_WRITE_HEADERS;
     if (using_tunnel_)
       establishing_tunnel_ = true;
-  } else if (result == ERR_SSL_PROTOCOL_ERROR) {
-    result = HandleSSLHandshakeError(result);
   } else {
-    result = ReconsiderProxyAfterError(result);
+    result = HandleSSLHandshakeError(result);
+    if (result != OK)
+      result = ReconsiderProxyAfterError(result);
   }
   return result;
 }
@@ -521,7 +521,7 @@ int HttpNetworkTransaction::DoSSLConnectOverTunnelComplete(int result) {
 
   if (result == OK) {
     next_state_ = STATE_WRITE_HEADERS;
-  } else if (result == ERR_SSL_PROTOCOL_ERROR) {
+  } else {
     result = HandleSSLHandshakeError(result);
   }
   return result;
@@ -881,13 +881,19 @@ int HttpNetworkTransaction::HandleCertificateError(int error) {
 
 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
 #if defined(OS_WIN)
-  if (ssl_version_mask_ & SSLClientSocket::TLS1) {
-    // This could be a TLS-intolerant server.  Turn off TLS 1.0 and retry.
-    ssl_version_mask_ &= ~SSLClientSocket::TLS1;
-    connection_.set_socket(NULL);
-    connection_.Reset();
-    next_state_ = STATE_INIT_CONNECTION;
-    error = OK;
+  switch (error) {
+    case ERR_SSL_PROTOCOL_ERROR:
+    case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
+      if (ssl_version_mask_ & SSLClientSocket::TLS1) {
+        // This could be a TLS-intolerant server or an SSL 3.0 server that
+        // chose a TLS-only cipher suite.  Turn off TLS 1.0 and retry.
+        ssl_version_mask_ &= ~SSLClientSocket::TLS1;
+        connection_.set_socket(NULL);
+        connection_.Reset();
+        next_state_ = STATE_INIT_CONNECTION;
+        error = OK;
+      }
+      break;
   }
 #endif
   return error;
diff --git a/net/http/http_transaction_winhttp.cc b/net/http/http_transaction_winhttp.cc
index 14d82a6..239d93d 100644
--- a/net/http/http_transaction_winhttp.cc
+++ b/net/http/http_transaction_winhttp.cc
@@ -58,6 +58,8 @@ static int TranslateOSError(DWORD error) {
     case ERROR_WINHTTP_SECURE_FAILURE:
     case SEC_E_ILLEGAL_MESSAGE:
       return ERR_SSL_PROTOCOL_ERROR;
+    case SEC_E_ALGORITHM_MISMATCH:
+      return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
     case ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED:
       return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
     case ERROR_WINHTTP_UNRECOGNIZED_SCHEME:
@@ -1343,10 +1345,13 @@ int HttpTransactionWinHttp::DidReceiveError(DWORD error,
   last_error_ = error;
   rv = TranslateOSError(error);
 
-  if (rv == ERR_SSL_PROTOCOL_ERROR &&
+  if ((rv == ERR_SSL_PROTOCOL_ERROR ||
+       rv == ERR_SSL_VERSION_OR_CIPHER_MISMATCH) &&
       !session_callback_->request_was_probably_sent() &&
       session_->tls_enabled() && !is_tls_intolerant_) {
-    // The server might be TLS intolerant.  Downgrade to SSL 3.0 and retry.
+    // The server might be TLS intolerant.  Or it might be an SSL 3.0 server
+    // that chose a TLS-only cipher suite, which we handle in the same way.
+    // Downgrade to SSL 3.0 and retry.
     is_tls_intolerant_ = true;
     if (!ReopenRequest())
       return TranslateLastOSError();