Remove insecure QUIC support from Chromium.

Review URL: https://codereview.chromium.org/1393713003

Cr-Commit-Position: refs/heads/master@{#355214}

15 files changed, 376 insertions, 653 deletions

diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index e53c4b0..296024b 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -626,8 +626,9 @@ NET_ERROR(RESPONSE_HEADERS_TRUNCATED, -357)
 // to read any requests sent, so they may be resent.
 NET_ERROR(QUIC_HANDSHAKE_FAILED, -358)
 
-// An https resource was requested over an insecure QUIC connection.
-NET_ERROR(REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC, -359)
+// Obsolete.  Kept here to avoid reuse, as the old error can still appear on
+// histograms.
+// NET_ERROR(REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC, -359)
 
 // Transport security is inadequate for the SPDY version.
 NET_ERROR(SPDY_INADEQUATE_TRANSPORT_SECURITY, -360)
diff --git a/net/http/http_network_session.cc b/net/http/http_network_session.cc
index 777d721..e126a64 100644
--- a/net/http/http_network_session.cc
+++ b/net/http/http_network_session.cc
@@ -94,7 +94,6 @@ HttpNetworkSession::Params::Params()
       use_alternative_services(false),
       alternative_service_probability_threshold(1),
       enable_quic(false),
-      enable_insecure_quic(false),
       enable_quic_for_proxies(false),
       enable_quic_port_selection(true),
       quic_always_require_handshake_confirmation(false),
diff --git a/net/http/http_network_session.h b/net/http/http_network_session.h
index 75aea10..5353c47 100644
--- a/net/http/http_network_session.h
+++ b/net/http/http_network_session.h
@@ -113,8 +113,6 @@ class NET_EXPORT HttpNetworkSession
 
     // Enables QUIC support.
     bool enable_quic;
-    // Enables insecure QUIC (http:// URLs) support, if enable_quic is true.
-    bool enable_insecure_quic;
     // Enables QUIC for proxies.
     bool enable_quic_for_proxies;
     // Instruct QUIC to use consistent ephemeral ports when talking to
diff --git a/net/http/http_stream_factory_impl.cc b/net/http/http_stream_factory_impl.cc
index 2a8664e..4d32ffc 100644
--- a/net/http/http_stream_factory_impl.cc
+++ b/net/http/http_stream_factory_impl.cc
@@ -211,8 +211,7 @@ AlternativeServiceVector HttpStreamFactoryImpl::GetAlternativeServicesFor(
     if (session_->quic_stream_factory()->IsQuicDisabled(origin.port()))
       continue;
 
-    if (!session_->params().enable_insecure_quic &&
-        !original_url.SchemeIs("https")) {
+    if (!original_url.SchemeIs("https")) {
       continue;
     }
 
diff --git a/net/http/http_stream_factory_impl_job.cc b/net/http/http_stream_factory_impl_job.cc
index 27c02cd..33476a0 100644
--- a/net/http/http_stream_factory_impl_job.cc
+++ b/net/http/http_stream_factory_impl_job.cc
@@ -775,7 +775,7 @@ int HttpStreamFactoryImpl::Job::DoResolveProxyComplete(int result) {
 bool HttpStreamFactoryImpl::Job::ShouldForceQuic() const {
   return session_->params().enable_quic &&
          session_->params().origin_to_force_quic_on.Equals(server_) &&
-         proxy_info_.is_direct();
+         proxy_info_.is_direct() && origin_url_.SchemeIs("https");
 }
 
 int HttpStreamFactoryImpl::Job::DoWaitForJob() {
@@ -834,31 +834,29 @@ int HttpStreamFactoryImpl::Job::DoInitConnection() {
     }
     HostPortPair destination;
     std::string origin_host;
-    bool secure_quic;
     SSLConfig* ssl_config;
     if (proxy_info_.is_quic()) {
       // A proxy's certificate is expected to be valid for the proxy hostname.
       destination = proxy_info_.proxy_server().host_port_pair();
       origin_host = destination.host();
-      secure_quic = true;
       ssl_config = &proxy_ssl_config_;
 
       // If QUIC is disabled on the destination port, return error.
       if (session_->quic_stream_factory()->IsQuicDisabled(destination.port()))
         return ERR_QUIC_PROTOCOL_ERROR;
     } else {
+      DCHECK(using_ssl_);
       // The certificate of a QUIC alternative server is expected to be valid
       // for the origin of the request (in addition to being valid for the
       // server itself).
       destination = server_;
       origin_host = origin_url_.host();
-      secure_quic = using_ssl_;
       ssl_config = &server_ssl_config_;
     }
-    int rv = quic_request_.Request(
-        destination, secure_quic, request_info_.privacy_mode,
-        ssl_config->GetCertVerifyFlags(), origin_host, request_info_.method,
-        net_log_, io_callback_);
+    int rv =
+        quic_request_.Request(destination, request_info_.privacy_mode,
+                              ssl_config->GetCertVerifyFlags(), origin_host,
+                              request_info_.method, net_log_, io_callback_);
     if (rv == OK) {
       using_existing_quic_session_ = true;
     } else {
diff --git a/net/quic/quic_end_to_end_unittest.cc b/net/quic/quic_end_to_end_unittest.cc
index 7b4bb5a..b5ce9bd 100644
--- a/net/quic/quic_end_to_end_unittest.cc
+++ b/net/quic/quic_end_to_end_unittest.cc
@@ -9,6 +9,7 @@
 #include "base/strings/string_number_conversions.h"
 #include "net/base/elements_upload_data_stream.h"
 #include "net/base/test_completion_callback.h"
+#include "net/base/test_data_directory.h"
 #include "net/base/upload_bytes_element_reader.h"
 #include "net/base/upload_data_stream.h"
 #include "net/cert/mock_cert_verifier.h"
@@ -21,8 +22,10 @@
 #include "net/http/http_transaction_test_util.h"
 #include "net/http/transport_security_state.h"
 #include "net/proxy/proxy_service.h"
+#include "net/quic/test_tools/crypto_test_utils.h"
 #include "net/quic/test_tools/quic_test_utils.h"
 #include "net/ssl/ssl_config_service_defaults.h"
+#include "net/test/cert_test_util.h"
 #include "net/tools/quic/quic_in_memory_cache.h"
 #include "net/tools/quic/quic_server.h"
 #include "net/tools/quic/test_tools/quic_in_memory_cache_peer.h"
@@ -81,7 +84,7 @@ class QuicEndToEndTest : public PlatformTest {
             HttpAuthHandlerFactory::CreateDefault(&host_resolver_)),
         strike_register_no_startup_period_(false) {
     request_.method = "GET";
-    request_.url = GURL("http://www.google.com/");
+    request_.url = GURL("https://test.example.com/");
     request_.load_flags = 0;
 
     params_.enable_quic = true;
@@ -94,13 +97,25 @@ class QuicEndToEndTest : public PlatformTest {
     params_.ssl_config_service = ssl_config_service_.get();
     params_.http_auth_handler_factory = auth_handler_factory_.get();
     params_.http_server_properties = http_server_properties.GetWeakPtr();
+
+    net::CertVerifyResult verify_result;
+    verify_result.verified_cert = ImportCertFromFile(
+        GetTestCertsDirectory(), "quic_test.example.com.crt");
+    cert_verifier_.AddResultForCertAndHost(verify_result.verified_cert.get(),
+                                           "test.example.com", verify_result,
+                                           OK);
+    verify_result.verified_cert = ImportCertFromFile(
+        GetTestCertsDirectory(), "quic_test_ecc.example.com.crt");
+    cert_verifier_.AddResultForCertAndHost(verify_result.verified_cert.get(),
+                                           "test.example.com", verify_result,
+                                           OK);
   }
 
-  // Creates a mock host resolver in which www.google.com
+  // Creates a mock host resolver in which test.example.com
   // resolves to localhost.
   static MockHostResolver* CreateResolverImpl() {
     MockHostResolver* resolver = new MockHostResolver();
-    resolver->rules()->AddRule("www.google.com", "127.0.0.1");
+    resolver->rules()->AddRule("test.example.com", "127.0.0.1");
     return resolver;
   }
 
@@ -108,16 +123,16 @@ class QuicEndToEndTest : public PlatformTest {
     QuicInMemoryCachePeer::ResetForTests();
     StartServer();
 
-    // Use a mapped host resolver so that request for www.google.com (port 80)
+    // Use a mapped host resolver so that request for test.example.com (port 80)
     // reach the server running on localhost.
-    std::string map_rule = "MAP www.google.com www.google.com:" +
-        base::IntToString(server_thread_->GetPort());
+    std::string map_rule = "MAP test.example.com test.example.com:" +
+                           base::IntToString(server_thread_->GetPort());
     EXPECT_TRUE(host_resolver_.AddRuleFromString(map_rule));
 
     // To simplify the test, and avoid the race with the HTTP request, we force
     // QUIC for these requests.
     params_.origin_to_force_quic_on =
-        HostPortPair::FromString("www.google.com:80");
+        HostPortPair::FromString("test.example.com:443");
 
     transaction_factory_.reset(new TestTransactionFactory(params_));
   }
@@ -136,10 +151,12 @@ class QuicEndToEndTest : public PlatformTest {
         kInitialStreamFlowControlWindowForTest);
     server_config_.SetInitialSessionFlowControlWindowToSend(
         kInitialSessionFlowControlWindowForTest);
-    server_thread_.reset(new ServerThread(
-        new QuicServer(server_config_, QuicSupportedVersions()),
-        /*is_secure=*/true, server_address_,
-        strike_register_no_startup_period_));
+    QuicServer* server =
+        new QuicServer(server_config_, QuicSupportedVersions());
+    server_thread_.reset(new ServerThread(server, /*is_secure=*/true,
+                                          server_address_,
+                                          strike_register_no_startup_period_));
+    server->SetProofSource(CryptoTestUtils::ProofSourceForTesting());
     server_thread_->Initialize();
     server_address_ = IPEndPoint(server_address_.address(),
                                  server_thread_->GetPort());
@@ -165,7 +182,7 @@ class QuicEndToEndTest : public PlatformTest {
                   StringPiece response_detail,
                   StringPiece body) {
     QuicInMemoryCache::GetInstance()->AddSimpleResponse(
-        "www.google.com", path, response_code, response_detail, body);
+        "test.example.com", path, response_code, response_detail, body);
   }
 
   // Populates |request_body_| with |length_| ASCII bytes.
@@ -187,7 +204,7 @@ class QuicEndToEndTest : public PlatformTest {
     upload_data_stream_.reset(
         new ElementsUploadDataStream(element_readers.Pass(), 0));
     request_.method = "POST";
-    request_.url = GURL("http://www.google.com/");
+    request_.url = GURL("https://test.example.com/");
     request_.upload_data_stream = upload_data_stream_.get();
     ASSERT_EQ(OK, request_.upload_data_stream->Init(CompletionCallback()));
   }
@@ -197,7 +214,7 @@ class QuicEndToEndTest : public PlatformTest {
                      const std::string& status_line,
                      const std::string& body) {
     ASSERT_TRUE(consumer.is_done());
-    EXPECT_EQ(OK, consumer.error());
+    ASSERT_EQ(OK, consumer.error());
     EXPECT_EQ(status_line,
               consumer.response_info()->headers->GetStatusLine());
     EXPECT_EQ(body, consumer.content());
diff --git a/net/quic/quic_http_stream.cc b/net/quic/quic_http_stream.cc
index 9e327b1..2414d0f 100644
--- a/net/quic/quic_http_stream.cc
+++ b/net/quic/quic_http_stream.cc
@@ -66,16 +66,6 @@ int QuicHttpStream::InitializeStream(const HttpRequestInfo* request_info,
       NetLog::TYPE_HTTP_STREAM_REQUEST_BOUND_TO_QUIC_SESSION,
       session_->net_log().source().ToEventParametersCallback());
 
-  if (request_info->url.SchemeIsCryptographic()) {
-    SSLInfo ssl_info;
-    bool secure_session =
-        session_->GetSSLInfo(&ssl_info) && ssl_info.cert.get();
-    UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.SecureResourceSecureSession",
-                          secure_session);
-    if (!secure_session)
-      return ERR_REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC;
-  }
-
   stream_net_log_ = stream_net_log;
   request_info_ = request_info;
   request_time_ = base::Time::Now();
diff --git a/net/quic/quic_network_transaction_unittest.cc b/net/quic/quic_network_transaction_unittest.cc
index d58f2246..378a663 100644
--- a/net/quic/quic_network_transaction_unittest.cc
+++ b/net/quic/quic_network_transaction_unittest.cc
@@ -55,24 +55,20 @@ namespace test {
 
 namespace {
 
-static const char kQuicAlternateProtocolHttpHeader[] =
-    "Alternate-Protocol: 80:quic\r\n\r\n";
-static const char kQuicAlternateProtocol50pctHttpHeader[] =
-    "Alternate-Protocol: 80:quic,p=.5\r\n\r\n";
-static const char kQuicAlternateProtocolDifferentPortHttpHeader[] =
-    "Alternate-Protocol: 137:quic\r\n\r\n";
-static const char kQuicAlternateProtocolHttpsHeader[] =
+static const char kQuicAlternateProtocolHeader[] =
     "Alternate-Protocol: 443:quic\r\n\r\n";
-static const char kQuicAlternativeServiceHttpHeader[] =
-    "Alt-Svc: quic=\":80\"\r\n\r\n";
-static const char kQuicAlternativeService50pctHttpHeader[] =
-    "Alt-Svc: quic=\":80\";p=\".5\"\r\n\r\n";
-static const char kQuicAlternativeServiceDifferentPortHttpHeader[] =
-    "Alt-Svc: quic=\":137\"\r\n\r\n";
-static const char kQuicAlternativeServiceHttpsHeader[] =
+static const char kQuicAlternateProtocol50pctHeader[] =
+    "Alternate-Protocol: 443:quic,p=.5\r\n\r\n";
+static const char kQuicAlternateProtocolDifferentPortHeader[] =
+    "Alternate-Protocol: 137:quic\r\n\r\n";
+static const char kQuicAlternativeServiceHeader[] =
     "Alt-Svc: quic=\":443\"\r\n\r\n";
+static const char kQuicAlternativeService50pctHeader[] =
+    "Alt-Svc: quic=\":443\";p=\".5\"\r\n\r\n";
+static const char kQuicAlternativeServiceDifferentPortHeader[] =
+    "Alt-Svc: quic=\":137\"\r\n\r\n";
 
-const char kDefaultServerHostName[] = "www.google.com";
+const char kDefaultServerHostName[] = "mail.example.com";
 
 }  // namespace
 
@@ -209,13 +205,20 @@ class QuicNetworkTransactionTest
         auth_handler_factory_(
             HttpAuthHandlerFactory::CreateDefault(&host_resolver_)),
         random_generator_(0),
-        hanging_data_(nullptr, 0, nullptr, 0) {
+        hanging_data_(nullptr, 0, nullptr, 0),
+        ssl_data_(ASYNC, OK) {
     request_.method = "GET";
-    std::string url("http://");
+    std::string url("https://");
     url.append(kDefaultServerHostName);
     request_.url = GURL(url);
     request_.load_flags = 0;
     clock_->AdvanceTime(QuicTime::Delta::FromMilliseconds(20));
+
+    scoped_refptr<X509Certificate> cert(
+        ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
+    verify_details_.cert_verify_result.verified_cert = cert;
+    verify_details_.cert_verify_result.is_issued_by_known_root = true;
+    crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details_);
   }
 
   void SetUp() override {
@@ -377,7 +380,7 @@ class QuicNetworkTransactionTest
   }
 
   void SendRequestAndExpectQuicResponse(const std::string& expected) {
-    SendRequestAndExpectQuicResponseMaybeFromProxy(expected, false, 80);
+    SendRequestAndExpectQuicResponseMaybeFromProxy(expected, false, 443);
   }
 
   void SendRequestAndExpectQuicResponseOnPort(const std::string& expected,
@@ -395,7 +398,7 @@ class QuicNetworkTransactionTest
       MockCryptoClientStream::HandshakeMode handshake_mode) {
     crypto_client_stream_factory_.set_handshake_mode(handshake_mode);
     HostPortPair host_port_pair = HostPortPair::FromURL(request_.url);
-    AlternativeService alternative_service(QUIC, host_port_pair.host(), 80);
+    AlternativeService alternative_service(QUIC, host_port_pair.host(), 443);
     base::Time expiration = base::Time::Now() + base::TimeDelta::FromDays(1);
     http_server_properties_.SetAlternativeService(
         host_port_pair, alternative_service, 1.0, expiration);
@@ -422,12 +425,14 @@ class QuicNetworkTransactionTest
     MockConnect hanging_connect(SYNCHRONOUS, ERR_IO_PENDING);
     hanging_data_.set_connect_data(hanging_connect);
     socket_factory_.AddSocketDataProvider(&hanging_data_);
+    socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
   }
 
   MockClock* clock_;  // Owned by QuicStreamFactory after CreateSession.
   QuicTestPacketMaker maker_;
   scoped_ptr<HttpNetworkSession> session_;
   MockClientSocketFactory socket_factory_;
+  ProofVerifyDetailsChromium verify_details_;
   MockCryptoClientStreamFactory crypto_client_stream_factory_;
   MockHostResolver host_resolver_;
   MockCertVerifier cert_verifier_;
@@ -442,6 +447,7 @@ class QuicNetworkTransactionTest
   HttpRequestInfo request_;
   BoundTestNetLog net_log_;
   StaticSocketDataProvider hanging_data_;
+  SSLSocketDataProvider ssl_data_;
 
  private:
   void SendRequestAndExpectQuicResponseMaybeFromProxy(
@@ -466,15 +472,13 @@ INSTANTIATE_TEST_CASE_P(Version, QuicNetworkTransactionTest,
                         ::testing::ValuesIn(QuicSupportedVersions()));
 
 TEST_P(QuicNetworkTransactionTest, ForceQuic) {
-  // TODO(rch): switch these tests to use secure QUIC.
-  params_.enable_insecure_quic = true;
   params_.origin_to_force_quic_on =
-      HostPortPair::FromString("www.google.com:80");
+      HostPortPair::FromString("mail.example.com:443");
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(
       ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
                                      GetResponseHeaders("200 OK")));
@@ -537,9 +541,9 @@ TEST_P(QuicNetworkTransactionTest, ForceQuic) {
 }
 
 TEST_P(QuicNetworkTransactionTest, QuicProxy) {
-  params_.enable_insecure_quic = true;
   params_.enable_quic_for_proxies = true;
-  proxy_service_ = ProxyService::CreateFixedFromPacResult("QUIC myproxy:70");
+  proxy_service_ =
+      ProxyService::CreateFixedFromPacResult("QUIC mail.example.com:70");
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
@@ -561,6 +565,7 @@ TEST_P(QuicNetworkTransactionTest, QuicProxy) {
   // There is no need to set up an alternate protocol job, because
   // no attempt will be made to speak to the proxy over TCP.
 
+  request_.url = GURL("http://mail.example.com/");
   CreateSession();
 
   SendRequestAndExpectQuicResponseFromProxyOnPort("hello!", 70);
@@ -575,7 +580,6 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) {
   const std::string origin_host = "news.example.com";
   const std::string proxy_host = "www.example.org";
 
-  params_.enable_insecure_quic = true;
   params_.enable_quic_for_proxies = true;
   proxy_service_ =
       ProxyService::CreateFixedFromPacResult("QUIC " + proxy_host + ":70");
@@ -604,6 +608,9 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) {
   ProofVerifyDetailsChromium verify_details;
   verify_details.cert_verify_result.verified_cert = cert;
   crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
+  ProofVerifyDetailsChromium verify_details2;
+  verify_details2.cert_verify_result.verified_cert = cert;
+  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details2);
 
   request_.url = GURL("http://" + origin_host);
   AddHangingNonAlternateProtocolSocketData();
@@ -613,9 +620,8 @@ TEST_P(QuicNetworkTransactionTest, QuicProxyWithCert) {
 }
 
 TEST_P(QuicNetworkTransactionTest, ForceQuicWithErrorConnecting) {
-  params_.enable_insecure_quic = true;
   params_.origin_to_force_quic_on =
-      HostPortPair::FromString("www.google.com:80");
+      HostPortPair::FromString("mail.example.com:443");
 
   MockQuicData mock_quic_data1;
   mock_quic_data1.AddRead(ASYNC, ERR_SOCKET_NOT_CONNECTED);
@@ -640,46 +646,22 @@ TEST_P(QuicNetworkTransactionTest, ForceQuicWithErrorConnecting) {
   }
 }
 
-TEST_P(QuicNetworkTransactionTest, DoNotForceQuicForHttps) {
-  // Attempt to "force" quic on 443, which will not be honored.
-  params_.origin_to_force_quic_on =
-      HostPortPair::FromString("www.google.com:443");
-
-  MockRead http_reads[] = {
-    MockRead("HTTP/1.1 200 OK\r\n\r\n"),
-    MockRead("hello world"),
-    MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-    MockRead(ASYNC, OK)
-  };
-
-  StaticSocketDataProvider data(http_reads, arraysize(http_reads), nullptr, 0);
-  socket_factory_.AddSocketDataProvider(&data);
-  SSLSocketDataProvider ssl(ASYNC, OK);
-  socket_factory_.AddSSLSocketDataProvider(&ssl);
-
-  CreateSession();
-
-  SendRequestAndExpectHttpResponse("hello world");
-  EXPECT_EQ(0U, test_network_quality_estimator_->GetWatchersCreated());
-}
-
 TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
-      MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternativeServiceHttpHeader), MockRead("hello world"),
+      MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternativeServiceHeader),
+      MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -703,8 +685,6 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuic) {
 // TODO(bnc): Update this test when multiple alternative services are handled
 // properly.
 TEST_P(QuicNetworkTransactionTest, UseFirstAlternativeServiceForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"),
       MockRead("Alt-Svc: quic=\":443\", quic=\":1234\"\r\n\r\n"),
@@ -715,11 +695,12 @@ TEST_P(QuicNetworkTransactionTest, UseFirstAlternativeServiceForQuic) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -738,11 +719,9 @@ TEST_P(QuicNetworkTransactionTest, UseFirstAlternativeServiceForQuic) {
 }
 
 TEST_P(QuicNetworkTransactionTest, AlternativeServiceDifferentPort) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternativeServiceDifferentPortHttpHeader),
+      MockRead(kQuicAlternativeServiceDifferentPortHeader),
       MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
@@ -750,11 +729,12 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServiceDifferentPort) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -773,22 +753,21 @@ TEST_P(QuicNetworkTransactionTest, AlternativeServiceDifferentPort) {
 }
 
 TEST_P(QuicNetworkTransactionTest, ConfirmAlternativeService) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
-      MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternativeServiceHttpHeader), MockRead("hello world"),
+      MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternativeServiceHeader),
+      MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -820,22 +799,21 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternativeService) {
 }
 
 TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceProbabilityForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternativeService50pctHttpHeader), MockRead("hello world"),
+      MockRead(kQuicAlternativeService50pctHeader), MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -856,18 +834,18 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceProbabilityForQuic) {
 
 TEST_P(QuicNetworkTransactionTest,
        DontUseAlternativeServiceProbabilityForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternativeService50pctHttpHeader), MockRead("hello world"),
+      MockRead(kQuicAlternativeService50pctHeader), MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   params_.alternative_service_probability_threshold = 0.75;
   CreateSessionWithNextProtos();
@@ -876,35 +854,8 @@ TEST_P(QuicNetworkTransactionTest,
   SendRequestAndExpectHttpResponse("hello world");
 }
 
-TEST_P(QuicNetworkTransactionTest, DontUseAlternativeServiceForInsecureQuic) {
-  params_.enable_insecure_quic = true;
-
-  MockRead http_reads[] = {MockRead("HTTP/1.1 200 OK\r\n"),
-                           MockRead("Content-length: 11\r\n"),
-                           MockRead("Alt-Svc: quic=\":443\"\r\n\r\n"),
-                           MockRead("hello world"),
-                           MockRead("HTTP/1.1 200 OK\r\n"),
-                           MockRead("Content-length: 11\r\n"),
-                           MockRead("Alt-Svc: quic=\":443\"\r\n\r\n"),
-                           MockRead("hello world"),
-                           MockRead(ASYNC, OK)};
-
-  StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
-                                     0);
-  socket_factory_.AddSocketDataProvider(&http_data);
-  socket_factory_.AddSocketDataProvider(&http_data);
-
-  params_.enable_insecure_quic = false;
-  CreateSessionWithNextProtos();
-
-  SendRequestAndExpectHttpResponse("hello world");
-  SendRequestAndExpectHttpResponse("hello world");
-}
-
 TEST_P(QuicNetworkTransactionTest,
        DontUseAlternativeServiceWithBadProbabilityForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"),
       MockRead("Alt-Svc: quic=\":443\";p=2\r\n\r\n"), MockRead("hello world"),
@@ -914,7 +865,9 @@ TEST_P(QuicNetworkTransactionTest,
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   params_.alternative_service_probability_threshold = 0.75;
   CreateSessionWithNextProtos();
@@ -924,24 +877,21 @@ TEST_P(QuicNetworkTransactionTest,
 }
 
 TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuicForHttps) {
-  params_.enable_insecure_quic = true;
-  params_.origin_to_force_quic_on =
-      HostPortPair::FromString("www.google.com:443");
-
   MockRead http_reads[] = {
-      MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternativeServiceHttpsHeader), MockRead("hello world"),
+      MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternativeServiceHeader),
+      MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -959,24 +909,21 @@ TEST_P(QuicNetworkTransactionTest, UseAlternativeServiceForQuicForHttps) {
 }
 
 TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
-    MockRead("HTTP/1.1 200 OK\r\n"),
-    MockRead(kQuicAlternateProtocolHttpHeader),
-    MockRead("hello world"),
-    MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-    MockRead(ASYNC, OK)
-  };
+      MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternateProtocolHeader),
+      MockRead("hello world"),
+      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
+      MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(
       ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
                                      GetResponseHeaders("200 OK")));
@@ -999,11 +946,9 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuic) {
 }
 
 TEST_P(QuicNetworkTransactionTest, AlternateProtocolDifferentPort) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
       MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternateProtocolDifferentPortHttpHeader),
+      MockRead(kQuicAlternateProtocolDifferentPortHeader),
       MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
@@ -1011,11 +956,12 @@ TEST_P(QuicNetworkTransactionTest, AlternateProtocolDifferentPort) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -1037,11 +983,8 @@ TEST_P(QuicNetworkTransactionTest, AlternateProtocolDifferentPort) {
 }
 
 TEST_P(QuicNetworkTransactionTest, ConfirmAlternateProtocol) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
-      MockRead("HTTP/1.1 200 OK\r\n"),
-      MockRead(kQuicAlternateProtocolHttpHeader),
+      MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternateProtocolHeader),
       MockRead("hello world"),
       MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
       MockRead(ASYNC, OK)};
@@ -1049,11 +992,12 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternateProtocol) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
                                      0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(ConstructResponseHeadersPacket(
       1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
   mock_quic_data.AddRead(
@@ -1088,15 +1032,11 @@ TEST_P(QuicNetworkTransactionTest, ConfirmAlternateProtocol) {
 }
 
 TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolProbabilityForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
-    MockRead("HTTP/1.1 200 OK\r\n"),
-    MockRead(kQuicAlternateProtocol50pctHttpHeader),
-    MockRead("hello world"),
-    MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-    MockRead(ASYNC, OK)
-  };
+      MockRead("HTTP/1.1 200 OK\r\n"),
+      MockRead(kQuicAlternateProtocol50pctHeader), MockRead("hello world"),
+      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
+      MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
@@ -1105,7 +1045,7 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolProbabilityForQuic) {
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(
       ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
                                      GetResponseHeaders("200 OK")));
@@ -1129,20 +1069,18 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolProbabilityForQuic) {
 }
 
 TEST_P(QuicNetworkTransactionTest, DontUseAlternateProtocolProbabilityForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
-    MockRead("HTTP/1.1 200 OK\r\n"),
-    MockRead(kQuicAlternateProtocol50pctHttpHeader),
-    MockRead("hello world"),
-    MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-    MockRead(ASYNC, OK)
-  };
+      MockRead("HTTP/1.1 200 OK\r\n"),
+      MockRead(kQuicAlternateProtocol50pctHeader), MockRead("hello world"),
+      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
+      MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   params_.alternative_service_probability_threshold = .75;
   CreateSessionWithNextProtos();
@@ -1151,35 +1089,8 @@ TEST_P(QuicNetworkTransactionTest, DontUseAlternateProtocolProbabilityForQuic) {
   SendRequestAndExpectHttpResponse("hello world");
 }
 
-TEST_P(QuicNetworkTransactionTest, DontUseAlternateProtocolForInsecureQuic) {
-  params_.enable_insecure_quic = true;
-
-  MockRead http_reads[] = {MockRead("HTTP/1.1 200 OK\r\n"),
-                           MockRead("Content-length: 11\r\n"),
-                           MockRead("Alternate-Protocol: 443:quic\r\n\r\n"),
-                           MockRead("hello world"),
-                           MockRead("HTTP/1.1 200 OK\r\n"),
-                           MockRead("Content-length: 11\r\n"),
-                           MockRead("Alternate-Protocol: 443:quic\r\n\r\n"),
-                           MockRead("hello world"),
-                           MockRead(ASYNC, OK)};
-
-  StaticSocketDataProvider http_data(http_reads, arraysize(http_reads), nullptr,
-                                     0);
-  socket_factory_.AddSocketDataProvider(&http_data);
-  socket_factory_.AddSocketDataProvider(&http_data);
-
-  params_.enable_insecure_quic = false;
-  CreateSessionWithNextProtos();
-
-  SendRequestAndExpectHttpResponse("hello world");
-  SendRequestAndExpectHttpResponse("hello world");
-}
-
 TEST_P(QuicNetworkTransactionTest,
        DontUseAlternateProtocolWithBadProbabilityForQuic) {
-  params_.enable_insecure_quic = true;
-
   MockRead http_reads[] = {
     MockRead("HTTP/1.1 200 OK\r\n"),
     MockRead("Alternate-Protocol: 443:quic,p=2\r\n\r\n"),
@@ -1191,7 +1102,9 @@ TEST_P(QuicNetworkTransactionTest,
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   params_.alternative_service_probability_threshold = .75;
   CreateSessionWithNextProtos();
@@ -1201,17 +1114,11 @@ TEST_P(QuicNetworkTransactionTest,
 }
 
 TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuicForHttps) {
-  params_.enable_insecure_quic = true;
-  params_.origin_to_force_quic_on =
-      HostPortPair::FromString("www.google.com:443");
-
   MockRead http_reads[] = {
-    MockRead("HTTP/1.1 200 OK\r\n"),
-    MockRead(kQuicAlternateProtocolHttpsHeader),
-    MockRead("hello world"),
-    MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-    MockRead(ASYNC, OK)
-  };
+      MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternateProtocolHeader),
+      MockRead("hello world"),
+      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
+      MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
@@ -1220,7 +1127,7 @@ TEST_P(QuicNetworkTransactionTest, UseAlternateProtocolForQuicForHttps) {
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(
       ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
                                      GetResponseHeaders("200 OK")));
@@ -1326,28 +1233,25 @@ TEST_P(QuicAltSvcCertificateVerificationTest,
 }
 
 TEST_P(QuicNetworkTransactionTest, HungAlternateProtocol) {
-  params_.enable_insecure_quic = true;
   crypto_client_stream_factory_.set_handshake_mode(
       MockCryptoClientStream::COLD_START);
 
   MockWrite http_writes[] = {
-    MockWrite(SYNCHRONOUS, 0, "GET / HTTP/1.1\r\n"),
-    MockWrite(SYNCHRONOUS, 1, "Host: www.google.com\r\n"),
-    MockWrite(SYNCHRONOUS, 2, "Connection: keep-alive\r\n\r\n")
-  };
+      MockWrite(SYNCHRONOUS, 0, "GET / HTTP/1.1\r\n"),
+      MockWrite(SYNCHRONOUS, 1, "Host: mail.example.com\r\n"),
+      MockWrite(SYNCHRONOUS, 2, "Connection: keep-alive\r\n\r\n")};
 
   MockRead http_reads[] = {
-    MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"),
-    MockRead(SYNCHRONOUS, 4, kQuicAlternateProtocolHttpHeader),
-    MockRead(SYNCHRONOUS, 5, "hello world"),
-    MockRead(SYNCHRONOUS, OK, 6)
-  };
+      MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"),
+      MockRead(SYNCHRONOUS, 4, kQuicAlternateProtocolHeader),
+      MockRead(SYNCHRONOUS, 5, "hello world"), MockRead(SYNCHRONOUS, OK, 6)};
 
   DeterministicMockClientSocketFactory socket_factory;
 
   DeterministicSocketData http_data(http_reads, arraysize(http_reads),
                                     http_writes, arraysize(http_writes));
   socket_factory.AddSocketDataProvider(&http_data);
+  socket_factory.AddSSLSocketDataProvider(&ssl_data_);
 
   // The QUIC transaction will not be allowed to complete.
   MockWrite quic_writes[] = {
@@ -1364,6 +1268,7 @@ TEST_P(QuicNetworkTransactionTest, HungAlternateProtocol) {
   DeterministicSocketData http_data2(http_reads, arraysize(http_reads),
                                      http_writes, arraysize(http_writes));
   socket_factory.AddSocketDataProvider(&http_data2);
+  socket_factory.AddSSLSocketDataProvider(&ssl_data_);
 
   CreateSessionWithFactory(&socket_factory, true);
 
@@ -1385,11 +1290,10 @@ TEST_P(QuicNetworkTransactionTest, HungAlternateProtocol) {
 }
 
 TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) {
-  params_.enable_insecure_quic = true;
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(
       ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
                                      GetResponseHeaders("200 OK")));
@@ -1411,11 +1315,10 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithHttpRace) {
 }
 
 TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) {
-  params_.enable_insecure_quic = true;
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(
       ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
                                      GetResponseHeaders("200 OK")));
@@ -1430,8 +1333,9 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) {
   // without racing an HTTP connection, we need the host resolution to happen
   // synchronously.
   host_resolver_.set_synchronous_mode(true);
-  host_resolver_.rules()->AddIPLiteralRule("www.google.com", "192.168.0.1", "");
-  HostResolver::RequestInfo info(HostPortPair("www.google.com", 80));
+  host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+                                           "");
+  HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
   AddressList address;
   host_resolver_.Resolve(info,
                          DEFAULT_PRIORITY,
@@ -1446,22 +1350,18 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithNoHttpRace) {
 }
 
 TEST_P(QuicNetworkTransactionTest, ZeroRTTWithProxy) {
-  params_.enable_insecure_quic = true;
   proxy_service_ = ProxyService::CreateFixedFromPacResult("PROXY myproxy:70");
 
   // Since we are using a proxy, the QUIC job will not succeed.
   MockWrite http_writes[] = {
-    MockWrite(SYNCHRONOUS, 0, "GET http://www.google.com/ HTTP/1.1\r\n"),
-    MockWrite(SYNCHRONOUS, 1, "Host: www.google.com\r\n"),
-    MockWrite(SYNCHRONOUS, 2, "Proxy-Connection: keep-alive\r\n\r\n")
-  };
+      MockWrite(SYNCHRONOUS, 0, "GET http://mail.example.com/ HTTP/1.1\r\n"),
+      MockWrite(SYNCHRONOUS, 1, "Host: mail.example.com\r\n"),
+      MockWrite(SYNCHRONOUS, 2, "Proxy-Connection: keep-alive\r\n\r\n")};
 
   MockRead http_reads[] = {
-    MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"),
-    MockRead(SYNCHRONOUS, 4, kQuicAlternateProtocolHttpHeader),
-    MockRead(SYNCHRONOUS, 5, "hello world"),
-    MockRead(SYNCHRONOUS, OK, 6)
-  };
+      MockRead(SYNCHRONOUS, 3, "HTTP/1.1 200 OK\r\n"),
+      MockRead(SYNCHRONOUS, 4, kQuicAlternateProtocolHeader),
+      MockRead(SYNCHRONOUS, 5, "hello world"), MockRead(SYNCHRONOUS, OK, 6)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      http_writes, arraysize(http_writes));
@@ -1471,8 +1371,9 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithProxy) {
   // without racing an HTTP connection, we need the host resolution to happen
   // synchronously.
   host_resolver_.set_synchronous_mode(true);
-  host_resolver_.rules()->AddIPLiteralRule("www.google.com", "192.168.0.1", "");
-  HostResolver::RequestInfo info(HostPortPair("www.google.com", 80));
+  host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+                                           "");
+  HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
   AddressList address;
   host_resolver_.Resolve(info,
                          DEFAULT_PRIORITY,
@@ -1481,17 +1382,17 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithProxy) {
                          nullptr,
                          net_log_.bound());
 
+  request_.url = GURL("http://mail.example.com/");
   CreateSessionWithNextProtos();
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::ZERO_RTT);
   SendRequestAndExpectHttpResponse("hello world");
 }
 
 TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) {
-  params_.enable_insecure_quic = true;
   MockQuicData mock_quic_data;
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddRead(
       ConstructResponseHeadersPacket(1, kClientDataStreamId1, false, false,
                                      GetResponseHeaders("200 OK")));
@@ -1511,8 +1412,9 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) {
   // connection to the the server, in this test we require confirmation
   // before encrypting so the HTTP job will still start.
   host_resolver_.set_synchronous_mode(true);
-  host_resolver_.rules()->AddIPLiteralRule("www.google.com", "192.168.0.1", "");
-  HostResolver::RequestInfo info(HostPortPair("www.google.com", 80));
+  host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+                                           "");
+  HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
   AddressList address;
   host_resolver_.Resolve(info, DEFAULT_PRIORITY, &address,
                          CompletionCallback(), nullptr, net_log_.bound());
@@ -1536,7 +1438,6 @@ TEST_P(QuicNetworkTransactionTest, ZeroRTTWithConfirmationRequired) {
 }
 
 TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocol) {
-  params_.enable_insecure_quic = true;
   // Alternate-protocol job
   scoped_ptr<QuicEncryptedPacket> close(ConstructConnectionClosePacket(1));
   MockRead quic_reads[] = {
@@ -1559,6 +1460,7 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocol) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   CreateSessionWithNextProtos();
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::COLD_START);
@@ -1567,7 +1469,6 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocol) {
 }
 
 TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolReadError) {
-  params_.enable_insecure_quic = true;
   // Alternate-protocol job
   MockRead quic_reads[] = {
     MockRead(ASYNC, ERR_SOCKET_NOT_CONNECTED),
@@ -1587,6 +1488,7 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolReadError) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   CreateSessionWithNextProtos();
 
@@ -1596,7 +1498,6 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolReadError) {
 }
 
 TEST_P(QuicNetworkTransactionTest, NoBrokenAlternateProtocolIfTcpFails) {
-  params_.enable_insecure_quic = true;
   // Alternate-protocol job will fail when the session attempts to read.
   MockRead quic_reads[] = {
     MockRead(ASYNC, ERR_SOCKET_NOT_CONNECTED),
@@ -1614,6 +1515,7 @@ TEST_P(QuicNetworkTransactionTest, NoBrokenAlternateProtocolIfTcpFails) {
                                      nullptr, 0);
   http_data.set_connect_data(MockConnect(ASYNC, ERR_SOCKET_NOT_CONNECTED));
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   CreateSessionWithNextProtos();
 
@@ -1628,7 +1530,6 @@ TEST_P(QuicNetworkTransactionTest, NoBrokenAlternateProtocolIfTcpFails) {
 }
 
 TEST_P(QuicNetworkTransactionTest, FailedZeroRttBrokenAlternateProtocol) {
-  params_.enable_insecure_quic = true;
   // Alternate-protocol job
   MockRead quic_reads[] = {
     MockRead(ASYNC, ERR_SOCKET_NOT_CONNECTED),
@@ -1655,6 +1556,7 @@ TEST_P(QuicNetworkTransactionTest, FailedZeroRttBrokenAlternateProtocol) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   CreateSessionWithNextProtos();
 
@@ -1669,7 +1571,6 @@ TEST_P(QuicNetworkTransactionTest, FailedZeroRttBrokenAlternateProtocol) {
 }
 
 TEST_P(QuicNetworkTransactionTest, DISABLED_HangingZeroRttFallback) {
-  params_.enable_insecure_quic = true;
   // Alternate-protocol job
   MockRead quic_reads[] = {
     MockRead(ASYNC, ERR_IO_PENDING),
@@ -1698,7 +1599,6 @@ TEST_P(QuicNetworkTransactionTest, DISABLED_HangingZeroRttFallback) {
 }
 
 TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolOnConnectFailure) {
-  params_.enable_insecure_quic = true;
   // Alternate-protocol job will fail before creating a QUIC session.
   StaticSocketDataProvider quic_data(nullptr, 0, nullptr, 0);
   quic_data.set_connect_data(MockConnect(SYNCHRONOUS,
@@ -1716,6 +1616,7 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolOnConnectFailure) {
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   CreateSessionWithNextProtos();
   AddQuicAlternateProtocolMapping(MockCryptoClientStream::COLD_START);
@@ -1725,34 +1626,33 @@ TEST_P(QuicNetworkTransactionTest, BrokenAlternateProtocolOnConnectFailure) {
 }
 
 TEST_P(QuicNetworkTransactionTest, ConnectionCloseDuringConnect) {
-  params_.enable_insecure_quic = true;
   MockQuicData mock_quic_data;
   mock_quic_data.AddSynchronousRead(ConstructConnectionClosePacket(1));
   mock_quic_data.AddWrite(
       ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "http", "/")));
+                                    GetRequestHeaders("GET", "https", "/")));
   mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
   // When the QUIC connection fails, we will try the request again over HTTP.
   MockRead http_reads[] = {
-    MockRead("HTTP/1.1 200 OK\r\n"),
-    MockRead(kQuicAlternateProtocolHttpHeader),
-    MockRead("hello world"),
-    MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
-    MockRead(ASYNC, OK)
-  };
+      MockRead("HTTP/1.1 200 OK\r\n"), MockRead(kQuicAlternateProtocolHeader),
+      MockRead("hello world"),
+      MockRead(SYNCHRONOUS, ERR_TEST_PEER_CLOSE_AFTER_NEXT_MOCK_READ),
+      MockRead(ASYNC, OK)};
 
   StaticSocketDataProvider http_data(http_reads, arraysize(http_reads),
                                      nullptr, 0);
   socket_factory_.AddSocketDataProvider(&http_data);
+  socket_factory_.AddSSLSocketDataProvider(&ssl_data_);
 
   // In order for a new QUIC session to be established via alternate-protocol
   // without racing an HTTP connection, we need the host resolution to happen
   // synchronously.
   host_resolver_.set_synchronous_mode(true);
-  host_resolver_.rules()->AddIPLiteralRule("www.google.com", "192.168.0.1", "");
-  HostResolver::RequestInfo info(HostPortPair("www.google.com", 80));
+  host_resolver_.rules()->AddIPLiteralRule("mail.example.com", "192.168.0.1",
+                                           "");
+  HostResolver::RequestInfo info(HostPortPair("mail.example.com", 443));
   AddressList address;
   host_resolver_.Resolve(info,
                          DEFAULT_PRIORITY,
@@ -1766,38 +1666,7 @@ TEST_P(QuicNetworkTransactionTest, ConnectionCloseDuringConnect) {
   SendRequestAndExpectHttpResponse("hello world");
 }
 
-// Test that a secure request over an insecure QUIC connection fails with
-// the appropriate error code.  Note that this never happens in production,
-// because the handshake (which this test mocks) would fail in this scenario.
-TEST_P(QuicNetworkTransactionTest, SecureResourceOverInsecureQuic) {
-  params_.enable_insecure_quic = true;
-  maker_.set_hostname("www.example.org");
-  MockQuicData mock_quic_data;
-  mock_quic_data.AddWrite(
-      ConstructRequestHeadersPacket(1, kClientDataStreamId1, true, true,
-                                    GetRequestHeaders("GET", "https", "/")));
-  mock_quic_data.AddRead(ConstructResponseHeadersPacket(
-      1, kClientDataStreamId1, false, false, GetResponseHeaders("200 OK")));
-  mock_quic_data.AddRead(
-      ConstructDataPacket(2, kClientDataStreamId1, false, true, 0, "hello!"));
-  mock_quic_data.AddWrite(ConstructAckPacket(2, 1));
-  mock_quic_data.AddRead(SYNCHRONOUS, 0);
-  mock_quic_data.AddSocketDataToFactory(&socket_factory_);
-
-  request_.url = GURL("https://www.example.org:443");
-  AddHangingNonAlternateProtocolSocketData();
-  CreateSessionWithNextProtos();
-  AddQuicAlternateProtocolMapping(MockCryptoClientStream::CONFIRM_HANDSHAKE);
-  scoped_ptr<HttpNetworkTransaction> trans(
-      new HttpNetworkTransaction(DEFAULT_PRIORITY, session_.get()));
-  TestCompletionCallback callback;
-  int rv = trans->Start(&request_, callback.callback(), net_log_.bound());
-  EXPECT_EQ(ERR_REQUEST_FOR_SECURE_RESOURCE_OVER_INSECURE_QUIC,
-            callback.GetResult(rv));
-}
-
 TEST_P(QuicNetworkTransactionTest, SecureResourceOverSecureQuic) {
-  params_.enable_insecure_quic = true;
   maker_.set_hostname("www.example.org");
   EXPECT_FALSE(
       test_network_quality_estimator_->IsRTTAvailableNotificationReceived());
@@ -1813,16 +1682,6 @@ TEST_P(QuicNetworkTransactionTest, SecureResourceOverSecureQuic) {
   mock_quic_data.AddRead(SYNCHRONOUS, ERR_IO_PENDING);  // No more read data.
   mock_quic_data.AddSocketDataToFactory(&socket_factory_);
 
-  scoped_refptr<X509Certificate> cert(
-      ImportCertFromFile(GetTestCertsDirectory(), "spdy_pooling.pem"));
-  ASSERT_TRUE(cert.get());
-  bool common_name_fallback_used;
-  EXPECT_TRUE(
-      cert->VerifyNameMatch("www.example.org", &common_name_fallback_used));
-  ProofVerifyDetailsChromium verify_details;
-  verify_details.cert_verify_result.verified_cert = cert;
-  crypto_client_stream_factory_.AddProofVerifyDetails(&verify_details);
-
   request_.url = GURL("https://www.example.org:443");
   AddHangingNonAlternateProtocolSocketData();
   CreateSessionWithNextProtos();
diff --git a/net/quic/quic_stream_factory.cc b/net/quic/quic_stream_factory.cc
index aeb5107..51fb16c 100644
--- a/net/quic/quic_stream_factory.cc
+++ b/net/quic/quic_stream_factory.cc
@@ -124,29 +124,6 @@ QuicPacketWriter* DefaultPacketWriterFactory::Create(
 
 }  // namespace
 
-QuicStreamFactory::IpAliasKey::IpAliasKey() {}
-
-QuicStreamFactory::IpAliasKey::IpAliasKey(IPEndPoint ip_endpoint,
-                                          bool is_https)
-    : ip_endpoint(ip_endpoint),
-      is_https(is_https) {}
-
-QuicStreamFactory::IpAliasKey::~IpAliasKey() {}
-
-bool QuicStreamFactory::IpAliasKey::operator<(
-    const QuicStreamFactory::IpAliasKey& other) const {
-  if (!(ip_endpoint == other.ip_endpoint)) {
-    return ip_endpoint < other.ip_endpoint;
-  }
-  return is_https < other.is_https;
-}
-
-bool QuicStreamFactory::IpAliasKey::operator==(
-    const QuicStreamFactory::IpAliasKey& other) const {
-  return is_https == other.is_https &&
-      ip_endpoint == other.ip_endpoint;
-};
-
 // Responsible for creating a new QUIC session to the specified server, and
 // for notifying any associated requests when complete.
 class QuicStreamFactory::Job {
@@ -155,7 +132,6 @@ class QuicStreamFactory::Job {
       HostResolver* host_resolver,
       const HostPortPair& host_port_pair,
       bool server_and_origin_have_same_host,
-      bool is_https,
       bool was_alternative_service_recently_broken,
       PrivacyMode privacy_mode,
       int cert_verify_flags,
@@ -232,7 +208,6 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
                             HostResolver* host_resolver,
                             const HostPortPair& host_port_pair,
                             bool server_and_origin_have_same_host,
-                            bool is_https,
                             bool was_alternative_service_recently_broken,
                             PrivacyMode privacy_mode,
                             int cert_verify_flags,
@@ -242,7 +217,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
     : io_state_(STATE_RESOLVE_HOST),
       factory_(factory),
       host_resolver_(host_resolver),
-      server_id_(host_port_pair, is_https, privacy_mode),
+      server_id_(host_port_pair, /*is_https=*/true, privacy_mode),
       cert_verify_flags_(cert_verify_flags),
       server_and_origin_have_same_host_(server_and_origin_have_same_host),
       is_post_(is_post),
@@ -252,8 +227,7 @@ QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
       started_another_job_(false),
       net_log_(net_log),
       session_(nullptr),
-      weak_factory_(this) {
-}
+      weak_factory_(this) {}
 
 QuicStreamFactory::Job::Job(QuicStreamFactory* factory,
                             HostResolver* host_resolver,
@@ -516,7 +490,6 @@ QuicStreamRequest::~QuicStreamRequest() {
 }
 
 int QuicStreamRequest::Request(const HostPortPair& host_port_pair,
-                               bool is_https,
                                PrivacyMode privacy_mode,
                                int cert_verify_flags,
                                base::StringPiece origin_host,
@@ -528,12 +501,10 @@ int QuicStreamRequest::Request(const HostPortPair& host_port_pair,
   DCHECK(factory_);
   origin_host_ = origin_host.as_string();
   privacy_mode_ = privacy_mode;
-  int rv =
-      factory_->Create(host_port_pair, is_https, privacy_mode,
-                       cert_verify_flags, origin_host, method, net_log, this);
+  int rv = factory_->Create(host_port_pair, privacy_mode, cert_verify_flags,
+                            origin_host, method, net_log, this);
   if (rv == ERR_IO_PENDING) {
     host_port_pair_ = host_port_pair;
-    is_https_ = is_https;
     net_log_ = net_log;
     callback_ = callback;
   } else {
@@ -558,7 +529,7 @@ base::TimeDelta QuicStreamRequest::GetTimeDelayForWaitingJob() const {
   if (!factory_)
     return base::TimeDelta();
   return factory_->GetTimeDelayForWaitingJob(
-      QuicServerId(host_port_pair_, is_https_, privacy_mode_));
+      QuicServerId(host_port_pair_, /*is_https=*/true, privacy_mode_));
 }
 
 scoped_ptr<QuicHttpStream> QuicStreamRequest::ReleaseStream() {
@@ -718,14 +689,13 @@ void QuicStreamFactory::set_quic_server_info_factory(
 }
 
 int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
-                              bool is_https,
                               PrivacyMode privacy_mode,
                               int cert_verify_flags,
                               base::StringPiece origin_host,
                               base::StringPiece method,
                               const BoundNetLog& net_log,
                               QuicStreamRequest* request) {
-  QuicServerId server_id(host_port_pair, is_https, privacy_mode);
+  QuicServerId server_id(host_port_pair, /*is_https=*/true, privacy_mode);
   SessionMap::iterator it = active_sessions_.find(server_id);
   if (it != active_sessions_.end()) {
     QuicChromiumClientSession* session = it->second;
@@ -762,11 +732,10 @@ int QuicStreamFactory::Create(const HostPortPair& host_port_pair,
   }
 
   bool server_and_origin_have_same_host = host_port_pair.host() == origin_host;
-  scoped_ptr<Job> job(new Job(this, host_resolver_, host_port_pair,
-                              server_and_origin_have_same_host, is_https,
-                              WasQuicRecentlyBroken(server_id), privacy_mode,
-                              cert_verify_flags, method == "POST" /* is_post */,
-                              quic_server_info, net_log));
+  scoped_ptr<Job> job(new Job(
+      this, host_resolver_, host_port_pair, server_and_origin_have_same_host,
+      WasQuicRecentlyBroken(server_id), privacy_mode, cert_verify_flags,
+      method == "POST" /* is_post */, quic_server_info, net_log));
   int rv = job->Run(base::Bind(&QuicStreamFactory::OnJobComplete,
                                base::Unretained(this), job.get()));
   if (rv == ERR_IO_PENDING) {
@@ -791,11 +760,10 @@ void QuicStreamFactory::CreateAuxilaryJob(const QuicServerId server_id,
                                           bool server_and_origin_have_same_host,
                                           bool is_post,
                                           const BoundNetLog& net_log) {
-  Job* aux_job =
-      new Job(this, host_resolver_, server_id.host_port_pair(),
-              server_and_origin_have_same_host, server_id.is_https(),
-              WasQuicRecentlyBroken(server_id), server_id.privacy_mode(),
-              cert_verify_flags, is_post, nullptr, net_log);
+  Job* aux_job = new Job(
+      this, host_resolver_, server_id.host_port_pair(),
+      server_and_origin_have_same_host, WasQuicRecentlyBroken(server_id),
+      server_id.privacy_mode(), cert_verify_flags, is_post, nullptr, net_log);
   active_jobs_[server_id].insert(aux_job);
   task_runner_->PostTask(FROM_HERE,
                          base::Bind(&QuicStreamFactory::Job::RunAuxilaryJob,
@@ -810,11 +778,10 @@ bool QuicStreamFactory::OnResolution(
     return false;
   }
   for (const IPEndPoint& address : address_list) {
-    const IpAliasKey ip_alias_key(address, server_id.is_https());
-    if (!ContainsKey(ip_aliases_, ip_alias_key))
+    if (!ContainsKey(ip_aliases_, address))
       continue;
 
-    const SessionSet& sessions = ip_aliases_[ip_alias_key];
+    const SessionSet& sessions = ip_aliases_[address];
     for (QuicChromiumClientSession* session : sessions) {
       if (!session->CanPool(server_id.host(), server_id.privacy_mode()))
         continue;
@@ -993,11 +960,10 @@ void QuicStreamFactory::OnSessionGoingAway(QuicChromiumClientSession* session) {
   }
   ProcessGoingAwaySession(session, all_sessions_[session], false);
   if (!aliases.empty()) {
-    const IpAliasKey ip_alias_key(session->connection()->peer_address(),
-                                  aliases.begin()->is_https());
-    ip_aliases_[ip_alias_key].erase(session);
-    if (ip_aliases_[ip_alias_key].empty()) {
-      ip_aliases_.erase(ip_alias_key);
+    const IPEndPoint peer_address = session->connection()->peer_address();
+    ip_aliases_[peer_address].erase(session);
+    if (ip_aliases_[peer_address].empty()) {
+      ip_aliases_.erase(peer_address);
     }
   }
   session_aliases_.erase(session);
@@ -1083,11 +1049,10 @@ void QuicStreamFactory::OnSessionConnectTimeout(
     return;
   }
 
-  const IpAliasKey ip_alias_key(session->connection()->peer_address(),
-                                aliases.begin()->is_https());
-  ip_aliases_[ip_alias_key].erase(session);
-  if (ip_aliases_[ip_alias_key].empty()) {
-    ip_aliases_.erase(ip_alias_key);
+  const IPEndPoint peer_address = session->connection()->peer_address();
+  ip_aliases_[peer_address].erase(session);
+  if (ip_aliases_[peer_address].empty()) {
+    ip_aliases_.erase(peer_address);
   }
   QuicServerId server_id = *aliases.begin();
   session_aliases_.erase(session);
@@ -1267,7 +1232,7 @@ int QuicStreamFactory::CreateSession(const QuicServerId& server_id,
 
   QuicConnection* connection = new QuicConnection(
       connection_id, addr, helper_.get(), packet_writer_factory,
-      true /* owns_writer */, Perspective::IS_CLIENT, server_id.is_https(),
+      true /* owns_writer */, Perspective::IS_CLIENT, /*is_https=*/true,
       supported_versions_);
   connection->SetMaxPacketLength(max_packet_length_);
 
@@ -1330,10 +1295,9 @@ void QuicStreamFactory::ActivateSession(const QuicServerId& server_id,
   UMA_HISTOGRAM_COUNTS("Net.QuicActiveSessions", active_sessions_.size());
   active_sessions_[server_id] = session;
   session_aliases_[session].insert(server_id);
-  const IpAliasKey ip_alias_key(session->connection()->peer_address(),
-                                server_id.is_https());
-  DCHECK(!ContainsKey(ip_aliases_[ip_alias_key], session));
-  ip_aliases_[ip_alias_key].insert(session);
+  const IPEndPoint peer_address = session->connection()->peer_address();
+  DCHECK(!ContainsKey(ip_aliases_[peer_address], session));
+  ip_aliases_[peer_address].insert(session);
 }
 
 int64 QuicStreamFactory::GetServerNetworkStatsSmoothedRttInMicroseconds(
@@ -1383,17 +1347,10 @@ void QuicStreamFactory::InitializeCachedStateInCryptoConfig(
                           server_info->state().server_config.empty());
   }
 
-  if (!cached->Initialize(server_info->state().server_config,
-                          server_info->state().source_address_token,
-                          server_info->state().certs,
-                          server_info->state().server_config_sig,
-                          clock_->WallNow()))
-    return;
-
-  if (!server_id.is_https()) {
-    // Don't check the certificates for insecure QUIC.
-    cached->SetProofValid();
-  }
+  cached->Initialize(server_info->state().server_config,
+                     server_info->state().source_address_token,
+                     server_info->state().certs,
+                     server_info->state().server_config_sig, clock_->WallNow());
 }
 
 void QuicStreamFactory::MaybeInitialize() {
diff --git a/net/quic/quic_stream_factory.h b/net/quic/quic_stream_factory.h
index 6b5c691..42d688a 100644
--- a/net/quic/quic_stream_factory.h
+++ b/net/quic/quic_stream_factory.h
@@ -61,11 +61,9 @@ class NET_EXPORT_PRIVATE QuicStreamRequest {
   explicit QuicStreamRequest(QuicStreamFactory* factory);
   ~QuicStreamRequest();
 
-  // For http, |is_https| is false.
   // |cert_verify_flags| is bitwise OR'd of CertVerifier::VerifyFlags and it is
   // passed to CertVerifier::Verify.
   int Request(const HostPortPair& host_port_pair,
-              bool is_https,
               PrivacyMode privacy_mode,
               int cert_verify_flags,
               base::StringPiece origin_host,
@@ -93,7 +91,6 @@ class NET_EXPORT_PRIVATE QuicStreamRequest {
   QuicStreamFactory* factory_;
   HostPortPair host_port_pair_;
   std::string origin_host_;
-  bool is_https_;
   PrivacyMode privacy_mode_;
   BoundNetLog net_log_;
   CompletionCallback callback_;
@@ -144,12 +141,11 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
   ~QuicStreamFactory() override;
 
   // Creates a new QuicHttpStream to |host_port_pair| which will be
-  // owned by |request|. |is_https| specifies if the protocol is https or not.
+  // owned by |request|.
   // If a matching session already exists, this method will return OK.  If no
   // matching session exists, this will return ERR_IO_PENDING and will invoke
   // OnRequestComplete asynchronously.
   int Create(const HostPortPair& host_port_pair,
-             bool is_https,
              PrivacyMode privacy_mode,
              int cert_verify_flags,
              base::StringPiece origin_host,
@@ -257,27 +253,12 @@ class NET_EXPORT_PRIVATE QuicStreamFactory
   friend class test::QuicStreamFactoryPeer;
   FRIEND_TEST_ALL_PREFIXES(HttpStreamFactoryTest, QuicLossyProxyMarkedAsBad);
 
-  // The key used to find session by ip. Includes
-  // the ip address, port, and scheme.
-  struct NET_EXPORT_PRIVATE IpAliasKey {
-    IpAliasKey();
-    IpAliasKey(IPEndPoint ip_endpoint, bool is_https);
-    ~IpAliasKey();
-
-    IPEndPoint ip_endpoint;
-    bool is_https;
-
-    // Needed to be an element of std::set.
-    bool operator<(const IpAliasKey &other) const;
-    bool operator==(const IpAliasKey &other) const;
-  };
-
   typedef std::map<QuicServerId, QuicChromiumClientSession*> SessionMap;
   typedef std::map<QuicChromiumClientSession*, QuicServerId> SessionIdMap;
   typedef std::set<QuicServerId> AliasSet;
   typedef std::map<QuicChromiumClientSession*, AliasSet> SessionAliasMap;
   typedef std::set<QuicChromiumClientSession*> SessionSet;
-  typedef std::map<IpAliasKey, SessionSet> IPAliasMap;
+  typedef std::map<IPEndPoint, SessionSet> IPAliasMap;
   typedef std::map<QuicServerId, QuicCryptoClientConfig*> CryptoConfigMap;
   typedef std::set<Job*> JobSet;
   typedef std::map<QuicServerId, JobSet> JobMap;
diff --git a/net/quic/quic_stream_factory_test.cc b/net/quic/quic_stream_factory_test.cc
index 39bb4b0..2d61006 100644
--- a/net/quic/quic_stream_factory_test.cc
+++ b/net/quic/quic_stream_factory_test.cc
@@ -86,17 +86,17 @@ class QuicStreamFactoryPeer {
   }
 
   static bool HasActiveSession(QuicStreamFactory* factory,
-                               const HostPortPair& host_port_pair,
-                               bool is_https) {
-    QuicServerId server_id(host_port_pair, is_https, PRIVACY_MODE_DISABLED);
+                               const HostPortPair& host_port_pair) {
+    QuicServerId server_id(host_port_pair, /*is_https=*/true,
+                           PRIVACY_MODE_DISABLED);
     return factory->HasActiveSession(server_id);
   }
 
   static QuicChromiumClientSession* GetActiveSession(
       QuicStreamFactory* factory,
-      const HostPortPair& host_port_pair,
-      bool is_https) {
-    QuicServerId server_id(host_port_pair, is_https, PRIVACY_MODE_DISABLED);
+      const HostPortPair& host_port_pair) {
+    QuicServerId server_id(host_port_pair, /*is_https=*/true,
+                           PRIVACY_MODE_DISABLED);
     DCHECK(factory->HasActiveSession(server_id));
     return factory->active_sessions_[server_id];
   }
@@ -299,7 +299,6 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
                  /*store_server_configs_in_properties=*/false,
                  QuicTagVector()),
         host_port_pair_(kDefaultServerHostName, kDefaultServerPort),
-        is_https_(false),
         privacy_mode_(PRIVACY_MODE_DISABLED) {
     factory_.set_require_confirmation(false);
     factory_.set_quic_server_info_factory(new MockQuicServerInfoFactory());
@@ -309,15 +308,13 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
   }
 
   bool HasActiveSession(const HostPortPair& host_port_pair) {
-    return QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair,
-                                                   /*is_https_=*/false);
+    return QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair);
   }
 
   scoped_ptr<QuicHttpStream> CreateFromSession(
       const HostPortPair& host_port_pair) {
     QuicChromiumClientSession* session =
-        QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair,
-                                                /*is_https=*/false);
+        QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair);
     return QuicStreamFactoryPeer::CreateFromSession(&factory_, session);
   }
 
@@ -345,7 +342,7 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
 
     QuicStreamRequest request(&factory_);
     EXPECT_EQ(ERR_IO_PENDING,
-              request.Request(destination, is_https_, privacy_mode_,
+              request.Request(destination, privacy_mode_,
                               /*cert_verify_flags=*/0, destination.host(),
                               "GET", net_log_, callback_.callback()));
 
@@ -355,8 +352,7 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
     stream.reset();
 
     QuicChromiumClientSession* session =
-        QuicStreamFactoryPeer::GetActiveSession(&factory_, destination,
-                                                is_https_);
+        QuicStreamFactoryPeer::GetActiveSession(&factory_, destination);
 
     if (socket_count + 1 != socket_factory_.udp_client_sockets().size()) {
       EXPECT_TRUE(false);
@@ -416,7 +412,6 @@ class QuicStreamFactoryTest : public ::testing::TestWithParam<TestParams> {
   TransportSecurityState transport_security_state_;
   QuicStreamFactory factory_;
   HostPortPair host_port_pair_;
-  bool is_https_;
   PrivacyMode privacy_mode_;
   BoundNetLog net_log_;
   TestCompletionCallback callback_;
@@ -436,7 +431,7 @@ TEST_P(QuicStreamFactoryTest, Create) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -452,7 +447,7 @@ TEST_P(QuicStreamFactoryTest, Create) {
   // in streams on different sessions.
   QuicStreamRequest request2(&factory_);
   EXPECT_EQ(OK,
-            request2.Request(host_port_pair_, is_https_, privacy_mode_,
+            request2.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback()));
   stream = request2.ReleaseStream();  // Will reset stream 5.
@@ -477,7 +472,7 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRtt) {
                                            "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
@@ -504,7 +499,7 @@ TEST_P(QuicStreamFactoryTest, CreateZeroRttPost) {
   QuicStreamRequest request(&factory_);
   // Posts require handshake confirmation, so this will return asynchronously.
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "POST", net_log_, callback_.callback()));
 
@@ -535,7 +530,7 @@ TEST_P(QuicStreamFactoryTest, NoZeroRttForDifferentHost) {
 
   QuicStreamRequest request(&factory_);
   int rv = request.Request(
-      host_port_pair_, is_https_, privacy_mode_, /*cert_verify_flags=*/0,
+      host_port_pair_, privacy_mode_, /*cert_verify_flags=*/0,
       "different.host.example.com", "GET", net_log_, callback_.callback());
   // If server and origin have different hostnames, then handshake confirmation
   // should be required, so Request will return asynchronously.
@@ -551,48 +546,6 @@ TEST_P(QuicStreamFactoryTest, NoZeroRttForDifferentHost) {
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
 }
 
-TEST_P(QuicStreamFactoryTest, CreateHttpVsHttps) {
-  MockRead reads[] = {
-    MockRead(ASYNC, OK, 0)  // EOF
-  };
-  DeterministicSocketData socket_data1(reads, arraysize(reads), nullptr, 0);
-  DeterministicSocketData socket_data2(reads, arraysize(reads), nullptr, 0);
-  socket_factory_.AddSocketDataProvider(&socket_data1);
-  socket_factory_.AddSocketDataProvider(&socket_data2);
-  socket_data1.StopAfter(1);
-  socket_data2.StopAfter(1);
-
-  QuicStreamRequest request(&factory_);
-  EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
-                            /*cert_verify_flags=*/0, host_port_pair_.host(),
-                            "GET", net_log_, callback_.callback()));
-
-  EXPECT_EQ(OK, callback_.WaitForResult());
-  scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
-  EXPECT_TRUE(stream.get());
-
-  QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(ERR_IO_PENDING,
-            request2.Request(host_port_pair_, !is_https_, privacy_mode_,
-                             /*cert_verify_flags=*/0, host_port_pair_.host(),
-                             "GET", net_log_, callback_.callback()));
-  EXPECT_EQ(OK, callback_.WaitForResult());
-  stream = request2.ReleaseStream();
-  EXPECT_TRUE(stream.get());
-  stream.reset();
-
-  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, host_port_pair_, is_https_),
-            QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, host_port_pair_, !is_https_));
-
-  EXPECT_TRUE(socket_data1.AllReadDataConsumed());
-  EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
-  EXPECT_TRUE(socket_data2.AllReadDataConsumed());
-  EXPECT_TRUE(socket_data2.AllWriteDataConsumed());
-}
-
 TEST_P(QuicStreamFactoryTest, GoAway) {
   MockRead reads[] = {
       MockRead(ASYNC, OK, 0)  // EOF
@@ -603,7 +556,7 @@ TEST_P(QuicStreamFactoryTest, GoAway) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -611,13 +564,13 @@ TEST_P(QuicStreamFactoryTest, GoAway) {
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
   EXPECT_TRUE(stream.get());
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   session->OnGoAway(QuicGoAwayFrame());
 
-  EXPECT_FALSE(QuicStreamFactoryPeer::HasActiveSession(
-      &factory_, host_port_pair_, is_https_));
+  EXPECT_FALSE(
+      QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair_));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -639,7 +592,7 @@ TEST_P(QuicStreamFactoryTest, Pooling) {
       "mail.google.com", "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -647,16 +600,14 @@ TEST_P(QuicStreamFactoryTest, Pooling) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_EQ(
-      QuicStreamFactoryPeer::GetActiveSession(
-          &factory_, host_port_pair_, is_https_),
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_));
+  EXPECT_EQ(QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_),
+            QuicStreamFactoryPeer::GetActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -684,7 +635,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) {
   QuicStreamFactoryPeer::DisableConnectionPooling(&factory_);
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -692,16 +643,14 @@ TEST_P(QuicStreamFactoryTest, NoPoolingIfDisabled) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(
-      QuicStreamFactoryPeer::GetActiveSession(
-          &factory_, host_port_pair_, is_https_),
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_));
+  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_),
+            QuicStreamFactoryPeer::GetActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -728,7 +677,7 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) {
       "mail.google.com", "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -736,29 +685,27 @@ TEST_P(QuicStreamFactoryTest, NoPoolingAfterGoAway) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  factory_.OnSessionGoingAway(QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_));
-  EXPECT_FALSE(QuicStreamFactoryPeer::HasActiveSession(
-      &factory_, host_port_pair_, is_https_));
-  EXPECT_FALSE(QuicStreamFactoryPeer::HasActiveSession(
-      &factory_, server2, is_https_));
+  factory_.OnSessionGoingAway(
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_));
+  EXPECT_FALSE(
+      QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair_));
+  EXPECT_FALSE(QuicStreamFactoryPeer::HasActiveSession(&factory_, server2));
 
   TestCompletionCallback callback3;
   QuicStreamRequest request3(&factory_);
-  EXPECT_EQ(OK, request3.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request3.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback3.callback()));
   scoped_ptr<QuicHttpStream> stream3 = request3.ReleaseStream();
   EXPECT_TRUE(stream3.get());
 
-  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(
-      &factory_, server2, is_https_));
+  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -785,8 +732,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) {
   host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  is_https_ = true;
-  EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, server1.host(), "GET",
                                 net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -794,16 +740,14 @@ TEST_P(QuicStreamFactoryTest, HttpsPooling) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_EQ(QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server1, is_https_),
-            QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server2, is_https_));
+  EXPECT_EQ(QuicStreamFactoryPeer::GetActiveSession(&factory_, server1),
+            QuicStreamFactoryPeer::GetActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -834,8 +778,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) {
   QuicStreamFactoryPeer::DisableConnectionPooling(&factory_);
 
   QuicStreamRequest request(&factory_);
-  is_https_ = true;
-  EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, server1.host(), "GET",
                                 net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -843,16 +786,14 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingIfDisabled) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server1, is_https_),
-            QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server2, is_https_));
+  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(&factory_, server1),
+            QuicStreamFactoryPeer::GetActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -893,15 +834,14 @@ class QuicAlternativeServiceCertificateValidationPooling
 
     // Open first stream to alternative.
     QuicStreamRequest request1(&factory_);
-    is_https_ = true;
-    EXPECT_EQ(OK, request1.Request(alternative, is_https_, privacy_mode_,
+    EXPECT_EQ(OK, request1.Request(alternative, privacy_mode_,
                                    /*cert_verify_flags=*/0, alternative.host(),
                                    "GET", net_log_, callback_.callback()));
     scoped_ptr<QuicHttpStream> stream1 = request1.ReleaseStream();
     EXPECT_TRUE(stream1.get());
 
     QuicStreamRequest request2(&factory_);
-    int rv = request2.Request(alternative, is_https_, privacy_mode_,
+    int rv = request2.Request(alternative, privacy_mode_,
                               /*cert_verify_flags=*/0, origin_host, "GET",
                               net_log_, callback_.callback());
     if (valid) {
@@ -958,8 +898,7 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) {
   host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  is_https_ = true;
-  EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, server1.host(), "GET",
                                 net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -967,16 +906,14 @@ TEST_P(QuicStreamFactoryTest, HttpsPoolingWithMatchingPins) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_EQ(QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server1, is_https_),
-            QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server2, is_https_));
+  EXPECT_EQ(QuicStreamFactoryPeer::GetActiveSession(&factory_, server1),
+            QuicStreamFactoryPeer::GetActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data.AllReadDataConsumed());
   EXPECT_TRUE(socket_data.AllWriteDataConsumed());
@@ -1013,8 +950,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) {
   QuicStreamFactoryPeer::DisableConnectionPooling(&factory_);
 
   QuicStreamRequest request(&factory_);
-  is_https_ = true;
-  EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, server1.host(), "GET",
                                 net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -1022,16 +958,14 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithMatchingPinsIfDisabled) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server1, is_https_),
-            QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server2, is_https_));
+  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(&factory_, server1),
+            QuicStreamFactoryPeer::GetActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -1073,8 +1007,7 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) {
   host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  is_https_ = true;
-  EXPECT_EQ(OK, request.Request(server1, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(server1, privacy_mode_,
                                 /*cert_verify_flags=*/0, server1.host(), "GET",
                                 net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -1082,16 +1015,14 @@ TEST_P(QuicStreamFactoryTest, NoHttpsPoolingWithDifferentPins) {
 
   TestCompletionCallback callback;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback_.callback()));
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server1, is_https_),
-            QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, server2, is_https_));
+  EXPECT_NE(QuicStreamFactoryPeer::GetActiveSession(&factory_, server1),
+            QuicStreamFactoryPeer::GetActiveSession(&factory_, server2));
 
   EXPECT_TRUE(socket_data1.AllReadDataConsumed());
   EXPECT_TRUE(socket_data1.AllWriteDataConsumed());
@@ -1112,7 +1043,7 @@ TEST_P(QuicStreamFactoryTest, Goaway) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1122,31 +1053,29 @@ TEST_P(QuicStreamFactoryTest, Goaway) {
 
   // Mark the session as going away.  Ensure that while it is still alive
   // that it is no longer active.
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
   factory_.OnSessionGoingAway(session);
   EXPECT_EQ(true, QuicStreamFactoryPeer::IsLiveSession(&factory_, session));
-  EXPECT_FALSE(QuicStreamFactoryPeer::HasActiveSession(
-      &factory_, host_port_pair_, is_https_));
+  EXPECT_FALSE(
+      QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair_));
   EXPECT_FALSE(HasActiveSession(host_port_pair_));
 
   // Create a new request for the same destination and verify that a
   // new session is created.
   QuicStreamRequest request2(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request2.Request(host_port_pair_, is_https_, privacy_mode_,
+            request2.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback()));
   EXPECT_EQ(OK, callback_.WaitForResult());
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
 
-  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(&factory_,
-                                                      host_port_pair_,
-                                                      is_https_));
-  EXPECT_NE(session,
-            QuicStreamFactoryPeer::GetActiveSession(
-                &factory_, host_port_pair_, is_https_));
+  EXPECT_TRUE(
+      QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair_));
+  EXPECT_NE(session, QuicStreamFactoryPeer::GetActiveSession(&factory_,
+                                                             host_port_pair_));
   EXPECT_EQ(true, QuicStreamFactoryPeer::IsLiveSession(&factory_, session));
 
   stream2.reset();
@@ -1179,7 +1108,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
   // kDefaultMaxStreamsPerConnection / 2.
   for (size_t i = 0; i < kDefaultMaxStreamsPerConnection / 2; i++) {
     QuicStreamRequest request(&factory_);
-    int rv = request.Request(host_port_pair_, is_https_, privacy_mode_,
+    int rv = request.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback());
     if (i == 0) {
@@ -1196,7 +1125,7 @@ TEST_P(QuicStreamFactoryTest, MaxOpenStream) {
   }
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, CompletionCallback()));
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -1224,7 +1153,7 @@ TEST_P(QuicStreamFactoryTest, ResolutionErrorInCreate) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1243,7 +1172,7 @@ TEST_P(QuicStreamFactoryTest, ConnectErrorInCreate) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1262,7 +1191,7 @@ TEST_P(QuicStreamFactoryTest, CancelCreate) {
   {
     QuicStreamRequest request(&factory_);
     EXPECT_EQ(ERR_IO_PENDING,
-              request.Request(host_port_pair_, is_https_, privacy_mode_,
+              request.Request(host_port_pair_, privacy_mode_,
                               /*cert_verify_flags=*/0, host_port_pair_.host(),
                               "GET", net_log_, callback_.callback()));
   }
@@ -1325,7 +1254,7 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1346,7 +1275,7 @@ TEST_P(QuicStreamFactoryTest, CloseAllSessions) {
 
   QuicStreamRequest request2(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request2.Request(host_port_pair_, is_https_, privacy_mode_,
+            request2.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback()));
 
@@ -1382,7 +1311,7 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1404,7 +1333,7 @@ TEST_P(QuicStreamFactoryTest, OnIPAddressChanged) {
 
   QuicStreamRequest request2(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request2.Request(host_port_pair_, is_https_, privacy_mode_,
+            request2.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback()));
 
@@ -1440,7 +1369,7 @@ TEST_P(QuicStreamFactoryTest, OnSSLConfigChanged) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1460,7 +1389,7 @@ TEST_P(QuicStreamFactoryTest, OnSSLConfigChanged) {
 
   QuicStreamRequest request2(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request2.Request(host_port_pair_, is_https_, privacy_mode_,
+            request2.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback()));
 
@@ -1496,7 +1425,7 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1518,7 +1447,7 @@ TEST_P(QuicStreamFactoryTest, OnCertAdded) {
 
   QuicStreamRequest request2(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request2.Request(host_port_pair_, is_https_, privacy_mode_,
+            request2.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback()));
 
@@ -1554,7 +1483,7 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
 
@@ -1576,7 +1505,7 @@ TEST_P(QuicStreamFactoryTest, OnCACertChanged) {
 
   QuicStreamRequest request2(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request2.Request(host_port_pair_, is_https_, privacy_mode_,
+            request2.Request(host_port_pair_, privacy_mode_,
                              /*cert_verify_flags=*/0, host_port_pair_.host(),
                              "GET", net_log_, callback_.callback()));
 
@@ -1604,7 +1533,7 @@ TEST_P(QuicStreamFactoryTest, SharedCryptoConfig) {
     HostPortPair host_port_pair1(r1_host_name, 80);
     QuicCryptoClientConfig* crypto_config =
         QuicStreamFactoryPeer::GetCryptoConfig(&factory_);
-    QuicServerId server_id1(host_port_pair1, is_https_, privacy_mode_);
+    QuicServerId server_id1(host_port_pair1, /*is_https=*/true, privacy_mode_);
     QuicCryptoClientConfig::CachedState* cached1 =
         crypto_config->LookupOrCreate(server_id1);
     EXPECT_FALSE(cached1->proof_valid());
@@ -1616,7 +1545,7 @@ TEST_P(QuicStreamFactoryTest, SharedCryptoConfig) {
     cached1->SetProofValid();
 
     HostPortPair host_port_pair2(r2_host_name, 80);
-    QuicServerId server_id2(host_port_pair2, is_https_, privacy_mode_);
+    QuicServerId server_id2(host_port_pair2, /*is_https=*/true, privacy_mode_);
     QuicCryptoClientConfig::CachedState* cached2 =
         crypto_config->LookupOrCreate(server_id2);
     EXPECT_EQ(cached1->source_address_token(), cached2->source_address_token());
@@ -1638,7 +1567,7 @@ TEST_P(QuicStreamFactoryTest, CryptoConfigWhenProofIsInvalid) {
     HostPortPair host_port_pair1(r3_host_name, 80);
     QuicCryptoClientConfig* crypto_config =
         QuicStreamFactoryPeer::GetCryptoConfig(&factory_);
-    QuicServerId server_id1(host_port_pair1, is_https_, privacy_mode_);
+    QuicServerId server_id1(host_port_pair1, /*is_https=*/true, privacy_mode_);
     QuicCryptoClientConfig::CachedState* cached1 =
         crypto_config->LookupOrCreate(server_id1);
     EXPECT_FALSE(cached1->proof_valid());
@@ -1650,7 +1579,7 @@ TEST_P(QuicStreamFactoryTest, CryptoConfigWhenProofIsInvalid) {
     cached1->SetProofInvalid();
 
     HostPortPair host_port_pair2(r4_host_name, 80);
-    QuicServerId server_id2(host_port_pair2, is_https_, privacy_mode_);
+    QuicServerId server_id2(host_port_pair2, /*is_https=*/true, privacy_mode_);
     QuicCryptoClientConfig::CachedState* cached2 =
         crypto_config->LookupOrCreate(server_id2);
     EXPECT_NE(cached1->source_address_token(), cached2->source_address_token());
@@ -1696,9 +1625,9 @@ TEST_P(QuicStreamFactoryTest, RacingConnections) {
                                            "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  QuicServerId server_id(host_port_pair_, is_https_, privacy_mode_);
+  QuicServerId server_id(host_port_pair_, /*is_https=*/true, privacy_mode_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "GET", net_log_, callback_.callback()));
   EXPECT_EQ(2u,
@@ -1732,7 +1661,7 @@ TEST_P(QuicStreamFactoryTest, EnableNotLoadFromDiskCache) {
                                            "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
@@ -1788,12 +1717,12 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   host_resolver_.rules()->AddIPLiteralRule(server4.host(), "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   DVLOG(1) << "Create 1st session and test packet loss";
 
@@ -1801,8 +1730,8 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_FALSE(
       factory_.OnHandshakeConfirmed(session, /*packet_loss_rate=*/0.9f));
   EXPECT_TRUE(session->connection()->connected());
-  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(
-      &factory_, host_port_pair_, is_https_));
+  EXPECT_TRUE(
+      QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair_));
   EXPECT_FALSE(
       QuicStreamFactoryPeer::IsQuicDisabled(&factory_, host_port_pair_.port()));
   EXPECT_EQ(0, QuicStreamFactoryPeer::GetNumberOfLossyConnections(
@@ -1817,8 +1746,8 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_TRUE(session->connection()->connected());
   EXPECT_FALSE(
       QuicStreamFactoryPeer::IsQuicDisabled(&factory_, host_port_pair_.port()));
-  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(
-      &factory_, host_port_pair_, is_https_));
+  EXPECT_TRUE(
+      QuicStreamFactoryPeer::HasActiveSession(&factory_, host_port_pair_));
 
   // Test N-in-a-row high packet loss connections.
 
@@ -1826,11 +1755,11 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
 
   TestCompletionCallback callback2;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback2.callback()));
   QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2);
 
   // If there is no packet loss during handshake confirmation, number of lossy
   // connections for the port should be 0.
@@ -1852,27 +1781,26 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
   EXPECT_TRUE(session2->connection()->connected());
   EXPECT_FALSE(
       QuicStreamFactoryPeer::IsQuicDisabled(&factory_, server2.port()));
-  EXPECT_TRUE(
-      QuicStreamFactoryPeer::HasActiveSession(&factory_, server2, is_https_));
+  EXPECT_TRUE(QuicStreamFactoryPeer::HasActiveSession(&factory_, server2));
 
   DVLOG(1) << "Create 3rd session which also has packet loss";
 
   TestCompletionCallback callback3;
   QuicStreamRequest request3(&factory_);
-  EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, server3.host(), "GET",
                                  net_log_, callback3.callback()));
   QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3);
 
   DVLOG(1) << "Create 4th session with packet loss and test IsQuicDisabled()";
   TestCompletionCallback callback4;
   QuicStreamRequest request4(&factory_);
-  EXPECT_EQ(OK, request4.Request(server4, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request4.Request(server4, privacy_mode_,
                                  /*cert_verify_flags=*/0, server4.host(), "GET",
                                  net_log_, callback4.callback()));
   QuicChromiumClientSession* session4 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server4, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server4);
 
   // Set packet_loss_rate to higher value than packet_loss_threshold 2nd time in
   // a row and that should close the session and disable QUIC.
@@ -1882,8 +1810,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
                    &factory_, server3.port()));
   EXPECT_FALSE(session3->connection()->connected());
   EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(&factory_, server3.port()));
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(&factory_, server3, is_https_));
+  EXPECT_FALSE(QuicStreamFactoryPeer::HasActiveSession(&factory_, server3));
   EXPECT_FALSE(HasActiveSession(server3));
 
   // Set packet_loss_rate to higher value than packet_loss_threshold 3rd time in
@@ -1894,8 +1821,7 @@ TEST_P(QuicStreamFactoryTest, BadPacketLoss) {
                    &factory_, server4.port()));
   EXPECT_FALSE(session4->connection()->connected());
   EXPECT_TRUE(QuicStreamFactoryPeer::IsQuicDisabled(&factory_, server4.port()));
-  EXPECT_FALSE(
-      QuicStreamFactoryPeer::HasActiveSession(&factory_, server4, is_https_));
+  EXPECT_FALSE(QuicStreamFactoryPeer::HasActiveSession(&factory_, server4));
   EXPECT_FALSE(HasActiveSession(server4));
 
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
@@ -1946,12 +1872,12 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfTwo) {
   host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   DVLOG(1) << "Created 1st session. Now trigger public reset post handshake";
   session->connection()->CloseConnection(QUIC_PUBLIC_RESET, true);
@@ -1969,11 +1895,11 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfTwo) {
   DVLOG(1) << "Create 2nd session and trigger public reset post handshake";
   TestCompletionCallback callback2;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback2.callback()));
   QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2);
 
   session2->connection()->CloseConnection(QUIC_PUBLIC_RESET, true);
   // Need to spin the loop now to ensure that
@@ -2028,12 +1954,12 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfTwo) {
   host_resolver_.rules()->AddIPLiteralRule(server2.host(), "192.168.0.1", "");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
   EXPECT_TRUE(stream.get());
@@ -2057,11 +1983,11 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfTwo) {
   DVLOG(1) << "Create 2nd session and timeout with open stream";
   TestCompletionCallback callback2;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback2.callback()));
   QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2);
 
   scoped_ptr<QuicHttpStream> stream2 = request2.ReleaseStream();
   EXPECT_TRUE(stream2.get());
@@ -2121,12 +2047,12 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfThree) {
 
   // Test first and third out of three public reset post handshakes.
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   DVLOG(1) << "Created 1st session. Now trigger public reset post handshake";
   session->connection()->CloseConnection(QUIC_PUBLIC_RESET, true);
@@ -2143,11 +2069,11 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfThree) {
   DVLOG(1) << "Create 2nd session without disable trigger";
   TestCompletionCallback callback2;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback2.callback()));
   QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2);
 
   session2->connection()->CloseConnection(QUIC_NO_ERROR, false);
   // Need to spin the loop now to ensure that
@@ -2163,11 +2089,11 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfThree) {
            << " will disable QUIC";
   TestCompletionCallback callback3;
   QuicStreamRequest request3(&factory_);
-  EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, server3.host(), "GET",
                                  net_log_, callback3.callback()));
   QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3);
 
   session3->connection()->CloseConnection(QUIC_PUBLIC_RESET, true);
   // Need to spin the loop now to ensure that
@@ -2235,12 +2161,12 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfThree) {
 
   // Test first and third out of three timeouts with open streams.
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
   EXPECT_TRUE(stream.get());
@@ -2264,11 +2190,11 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfThree) {
   DVLOG(1) << "Create 2nd session without timeout";
   TestCompletionCallback callback2;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback2.callback()));
   QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2);
 
   session2->connection()->CloseConnection(QUIC_NO_ERROR, true);
   // Need to spin the loop now to ensure that
@@ -2284,11 +2210,11 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfThree) {
 
   TestCompletionCallback callback3;
   QuicStreamRequest request3(&factory_);
-  EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, server3.host(), "GET",
                                  net_log_, callback3.callback()));
   QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3);
 
   scoped_ptr<QuicHttpStream> stream3 = request3.ReleaseStream();
   EXPECT_TRUE(stream3.get());
@@ -2358,12 +2284,12 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
 
   // Test first and fourth out of four public reset post handshakes.
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   DVLOG(1) << "Created 1st session. Now trigger public reset post handshake";
   session->connection()->CloseConnection(QUIC_PUBLIC_RESET, true);
@@ -2380,11 +2306,11 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
   DVLOG(1) << "Create 2nd and 3rd sessions without disable trigger";
   TestCompletionCallback callback2;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback2.callback()));
   QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2);
 
   session2->connection()->CloseConnection(QUIC_NO_ERROR, false);
   // Need to spin the loop now to ensure that
@@ -2398,11 +2324,11 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
 
   TestCompletionCallback callback3;
   QuicStreamRequest request3(&factory_);
-  EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, server3.host(), "GET",
                                  net_log_, callback3.callback()));
   QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3);
 
   session3->connection()->CloseConnection(QUIC_NO_ERROR, false);
   // Need to spin the loop now to ensure that
@@ -2418,11 +2344,11 @@ TEST_P(QuicStreamFactoryTest, PublicResetPostHandshakeTwoOfFour) {
            << " will not disable QUIC";
   TestCompletionCallback callback4;
   QuicStreamRequest request4(&factory_);
-  EXPECT_EQ(OK, request4.Request(server4, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request4.Request(server4, privacy_mode_,
                                  /*cert_verify_flags=*/0, server4.host(), "GET",
                                  net_log_, callback4.callback()));
   QuicChromiumClientSession* session4 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server4, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server4);
 
   session4->connection()->CloseConnection(QUIC_PUBLIC_RESET, true);
   // Need to spin the loop now to ensure that
@@ -2497,12 +2423,12 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
 
   // Test first and fourth out of three timeouts with open streams.
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
-  QuicChromiumClientSession* session = QuicStreamFactoryPeer::GetActiveSession(
-      &factory_, host_port_pair_, is_https_);
+  QuicChromiumClientSession* session =
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, host_port_pair_);
 
   scoped_ptr<QuicHttpStream> stream = request.ReleaseStream();
   EXPECT_TRUE(stream.get());
@@ -2525,11 +2451,11 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
   DVLOG(1) << "Create 2nd and 3rd sessions without timeout";
   TestCompletionCallback callback2;
   QuicStreamRequest request2(&factory_);
-  EXPECT_EQ(OK, request2.Request(server2, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request2.Request(server2, privacy_mode_,
                                  /*cert_verify_flags=*/0, server2.host(), "GET",
                                  net_log_, callback2.callback()));
   QuicChromiumClientSession* session2 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server2);
 
   session2->connection()->CloseConnection(QUIC_NO_ERROR, true);
   // Need to spin the loop now to ensure that
@@ -2542,11 +2468,11 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
 
   TestCompletionCallback callback3;
   QuicStreamRequest request3(&factory_);
-  EXPECT_EQ(OK, request3.Request(server3, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request3.Request(server3, privacy_mode_,
                                  /*cert_verify_flags=*/0, server3.host(), "GET",
                                  net_log_, callback3.callback()));
   QuicChromiumClientSession* session3 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server3);
 
   session3->connection()->CloseConnection(QUIC_NO_ERROR, true);
   // Need to spin the loop now to ensure that
@@ -2562,11 +2488,11 @@ TEST_P(QuicStreamFactoryTest, TimeoutsWithOpenStreamsTwoOfFour) {
 
   TestCompletionCallback callback4;
   QuicStreamRequest request4(&factory_);
-  EXPECT_EQ(OK, request4.Request(server4, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request4.Request(server4, privacy_mode_,
                                  /*cert_verify_flags=*/0, server4.host(), "GET",
                                  net_log_, callback4.callback()));
   QuicChromiumClientSession* session4 =
-      QuicStreamFactoryPeer::GetActiveSession(&factory_, server4, is_https_);
+      QuicStreamFactoryPeer::GetActiveSession(&factory_, server4);
 
   scoped_ptr<QuicHttpStream> stream4 = request4.ReleaseStream();
   EXPECT_TRUE(stream4.get());
@@ -2617,7 +2543,7 @@ TEST_P(QuicStreamFactoryTest, EnableDelayTcpRace) {
 
   QuicStreamRequest request(&factory_);
   EXPECT_EQ(ERR_IO_PENDING,
-            request.Request(host_port_pair_, is_https_, privacy_mode_,
+            request.Request(host_port_pair_, privacy_mode_,
                             /*cert_verify_flags=*/0, host_port_pair_.host(),
                             "POST", net_log_, callback_.callback()));
 
@@ -2743,7 +2669,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterPackets) {
   SpdySessionTestTaskObserver observer("quic_packet_reader.cc", "StartReading");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
@@ -2788,7 +2714,7 @@ TEST_P(QuicStreamFactoryTest, YieldAfterDuration) {
   SpdySessionTestTaskObserver observer("quic_packet_reader.cc", "StartReading");
 
   QuicStreamRequest request(&factory_);
-  EXPECT_EQ(OK, request.Request(host_port_pair_, is_https_, privacy_mode_,
+  EXPECT_EQ(OK, request.Request(host_port_pair_, privacy_mode_,
                                 /*cert_verify_flags=*/0, host_port_pair_.host(),
                                 "GET", net_log_, callback_.callback()));
 
diff --git a/net/tools/quic/quic_client_bin.cc b/net/tools/quic/quic_client_bin.cc
index 06ef771..a905aa0 100644
--- a/net/tools/quic/quic_client_bin.cc
+++ b/net/tools/quic/quic_client_bin.cc
@@ -77,7 +77,7 @@ using std::endl;
 // The IP or hostname the quic client will connect to.
 string FLAGS_host = "";
 // The port to connect to.
-int32 FLAGS_port = 80;
+int32 FLAGS_port = 0;
 // If set, send a POST with this body.
 string FLAGS_body = "";
 // A semicolon separated list of key:value pairs to add to request headers.
@@ -182,13 +182,15 @@ int main(int argc, char *argv[]) {
   // Determine IP address to connect to from supplied hostname.
   net::IPAddressNumber ip_addr;
 
-  // TODO(rtenneti): GURL's doesn't support default_protocol argument, thus
-  // protocol is required in the URL.
   GURL url(urls[0]);
   string host = FLAGS_host;
   if (host.empty()) {
     host = url.host();
   }
+  int port = FLAGS_port;
+  if (port == 0) {
+    port = url.EffectiveIntPort();
+  }
   if (!net::ParseIPLiteralToNumber(host, &ip_addr)) {
     net::AddressList addresses;
     int rv = net::tools::SynchronousHostResolver::Resolve(host, &addresses);
@@ -200,19 +202,19 @@ int main(int argc, char *argv[]) {
     ip_addr = addresses[0].address();
   }
 
-  string host_port = net::IPAddressToStringWithPort(ip_addr, FLAGS_port);
+  string host_port = net::IPAddressToStringWithPort(ip_addr, port);
   VLOG(1) << "Resolved " << host << " to " << host_port << endl;
 
   // Build the client, and try to connect.
   net::EpollServer epoll_server;
-  net::QuicServerId server_id(url.host(), FLAGS_port, /*is_https=*/true,
-                              net::PRIVACY_MODE_DISABLED);
+  net::QuicServerId server_id(url.host(), url.EffectiveIntPort(),
+                              /*is_https=*/true, net::PRIVACY_MODE_DISABLED);
   net::QuicVersionVector versions = net::QuicSupportedVersions();
   if (FLAGS_quic_version != -1) {
     versions.clear();
     versions.push_back(static_cast<net::QuicVersion>(FLAGS_quic_version));
   }
-  net::tools::QuicClient client(net::IPEndPoint(ip_addr, FLAGS_port), server_id,
+  net::tools::QuicClient client(net::IPEndPoint(ip_addr, port), server_id,
                                 versions, &epoll_server);
   scoped_ptr<CertVerifier> cert_verifier;
   scoped_ptr<TransportSecurityState> transport_security_state;
diff --git a/net/tools/quic/quic_simple_client_bin.cc b/net/tools/quic/quic_simple_client_bin.cc
index 4cc3f32..b2b1246 100644
--- a/net/tools/quic/quic_simple_client_bin.cc
+++ b/net/tools/quic/quic_simple_client_bin.cc
@@ -78,7 +78,7 @@ using std::endl;
 // The IP or hostname the quic client will connect to.
 string FLAGS_host = "";
 // The port to connect to.
-int32 FLAGS_port = 80;
+int32 FLAGS_port = 0;
 // If set, send a POST with this body.
 string FLAGS_body = "";
 // A semicolon separated list of key:value pairs to add to request headers.
@@ -190,6 +190,10 @@ int main(int argc, char *argv[]) {
   if (host.empty()) {
     host = url.host();
   }
+  int port = FLAGS_port;
+  if (port == 0) {
+    port = url.EffectiveIntPort();
+  }
   if (!net::ParseIPLiteralToNumber(host, &ip_addr)) {
     net::AddressList addresses;
     int rv = net::tools::SynchronousHostResolver::Resolve(host, &addresses);
@@ -205,15 +209,15 @@ int main(int argc, char *argv[]) {
   VLOG(1) << "Resolved " << host << " to " << host_port << endl;
 
   // Build the client, and try to connect.
-  net::QuicServerId server_id(host, FLAGS_port, /*is_https=*/true,
-                              net::PRIVACY_MODE_DISABLED);
+  net::QuicServerId server_id(url.host(), url.EffectiveIntPort(),
+                              /*is_https=*/true, net::PRIVACY_MODE_DISABLED);
   net::QuicVersionVector versions = net::QuicSupportedVersions();
   if (FLAGS_quic_version != -1) {
     versions.clear();
     versions.push_back(static_cast<net::QuicVersion>(FLAGS_quic_version));
   }
-  net::tools::QuicSimpleClient client(net::IPEndPoint(ip_addr, FLAGS_port),
-                                      server_id, versions);
+  net::tools::QuicSimpleClient client(net::IPEndPoint(ip_addr, port), server_id,
+                                      versions);
   scoped_ptr<CertVerifier> cert_verifier;
   scoped_ptr<TransportSecurityState> transport_security_state;
   client.set_initial_max_packet_length(
diff --git a/net/url_request/url_request_context_builder.cc b/net/url_request/url_request_context_builder.cc
index d892187..0f049dc 100644
--- a/net/url_request/url_request_context_builder.cc
+++ b/net/url_request/url_request_context_builder.cc
@@ -177,8 +177,7 @@ URLRequestContextBuilder::HttpNetworkSessionParams::HttpNetworkSessionParams()
       testing_fixed_https_port(0),
       next_protos(NextProtosDefaults()),
       use_alternative_services(true),
-      enable_quic(false),
-      enable_insecure_quic(false) {}
+      enable_quic(false) {}
 
 URLRequestContextBuilder::HttpNetworkSessionParams::~HttpNetworkSessionParams()
 {}
@@ -390,8 +389,6 @@ scoped_ptr<URLRequestContext> URLRequestContextBuilder::Build() {
       http_network_session_params_.trusted_spdy_proxy;
   network_session_params.next_protos = http_network_session_params_.next_protos;
   network_session_params.enable_quic = http_network_session_params_.enable_quic;
-  network_session_params.enable_insecure_quic =
-      http_network_session_params_.enable_insecure_quic;
   network_session_params.quic_connection_options =
       http_network_session_params_.quic_connection_options;
 
diff --git a/net/url_request/url_request_context_builder.h b/net/url_request/url_request_context_builder.h
index 5b121d5..135e748 100644
--- a/net/url_request/url_request_context_builder.h
+++ b/net/url_request/url_request_context_builder.h
@@ -83,7 +83,6 @@ class NET_EXPORT URLRequestContextBuilder {
     std::string trusted_spdy_proxy;
     bool use_alternative_services;
     bool enable_quic;
-    bool enable_insecure_quic;
     QuicTagVector quic_connection_options;
   };
 
@@ -183,10 +182,6 @@ class NET_EXPORT URLRequestContextBuilder {
   void SetSpdyAndQuicEnabled(bool spdy_enabled,
                              bool quic_enabled);
 
-  void set_enable_insecure_quic(bool enable_insecure_quic) {
-    http_network_session_params_.enable_insecure_quic = enable_insecure_quic;
-  }
-
   void set_quic_connection_options(
       const QuicTagVector& quic_connection_options) {
     http_network_session_params_.quic_connection_options =