Fail the SPDY transaction if it does not meet TLS base requirements.

* Generally follows guidelines in https://http2.github.io/http2-spec/#TLSUsage.
* Apply only to SPDY4+ versions
* Fail the stream job if the TLS version for SPDY is too old (<1.2)
* Fail the stream job if the TLS cipher suite is sucky. Note that we're stricter here than the HTTP/2 spec.

Also added while implementing this CL:
* Add SSLConnectionStatus setters.
* Add ability for SSLSocketDataProvider to set SSLConnectionStatus.
* Add modern cipher suite check into net/ssl.

BUG=374957

Review URL: https://codereview.chromium.org/291093002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@272467 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 4 insertions, 0 deletions

diff --git a/net/spdy/spdy_session.h b/net/spdy/spdy_session.h
index 80578b8..51ed3f2 100644
--- a/net/spdy/spdy_session.h
+++ b/net/spdy/spdy_session.h
@@ -469,6 +469,10 @@ class NET_EXPORT SpdySession : public BufferedSpdyFramerVisitorInterface,
     return buffered_spdy_framer_->GetDataFrameMaximumPayload();
   }
 
+  // https://http2.github.io/http2-spec/#TLSUsage mandates minimum security
+  // standards for TLS.
+  bool HasAcceptableTransportSecurity() const;
+
   // Must be used only by |pool_|.
   base::WeakPtr<SpdySession> GetWeakPtr();