author | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-10 13:38:26 +0000 |
---|---|---|
committer | wtc@chromium.org <wtc@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2013-08-10 13:38:26 +0000 |
commit | 02d1d4480b811b26d3e80aecf4a4f4777de858de (patch) | |
tree | 935359ef84f9141551994ecc90b8e7492b3984d2 /net/socket | |
parent | 5d26d2df402e6ea024e4f87e27391a6f11a8f4ad (diff) | |
Handle the TLS version fallback on the bad_record_mac alert error in
http_network_transaction.cc, so that it applies to SSLClientSockets
based on both NSS and OpenSSL.
R=agl@chromium.org,rsleevi@chromium.org
BUG=260358
TEST=net_unittests, plus manual testing: visit https://www.web-secured.com/.
Should get a successful TLS 1.0 connection, rather than
ERR_SSL_BAD_RECORD_MAC_ALERT.
Review URL: https://chromiumcodereview.appspot.com/22633004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@216836 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'net/socket')
-rw-r--r-- | net/socket/ssl_client_socket_nss.cc | 9 |
1 files changed, 0 insertions, 9 deletions
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc index d1f2832..72154bb 100644 --- a/net/socket/ssl_client_socket_nss.cc +++ b/net/socket/ssl_client_socket_nss.cc @@ -1861,15 +1861,6 @@ int SSLClientSocketNSS::Core::DoHandshake() { net_error = ERR_SSL_PROTOCOL_ERROR; } - // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or 1.2 - // ClientHello, but then return a bad-record-MAC alert. See - // crbug.com/260358. In order to make the fallback as minimal as possible, - // this fallback is only triggered for >= TLS 1.1. - if (net_error == ERR_SSL_BAD_RECORD_MAC_ALERT && - ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1) { - net_error = ERR_SSL_PROTOCOL_ERROR; - } - // If not done, stay in this state if (net_error == ERR_IO_PENDING) { GotoState(STATE_HANDSHAKE); |
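
Review bot: In the block removed from SSLClientSocketNSS::Core::DoHandshake(), the `ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1` guard and the comment pointing to crbug.com/260358 disappear together with the error mapping, and this view (limited to net/socket) does not show where they land. Please confirm that the handling in http_network_transaction.cc keeps the same restriction, so that a bad_record_mac alert leads to a version fallback only when the attempted maximum was TLS 1.1 or higher, and carry the explanatory comment over so the reason for the fallback stays documented next to the code. Note also that DoHandshake() now surfaces ERR_SSL_BAD_RECORD_MAC_ALERT unmapped, so any other consumer of this socket that relied on seeing ERR_SSL_PROTOCOL_ERROR for this alert gets a different error code; a net_unittests case exercising both the NSS and OpenSSL sockets would pin that behaviour down.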