Diffstat (limited to 'net/base')
-rw-r--r--net/base/connection_type_histograms.h5
-rw-r--r--net/base/ssl_cipher_suite_names.cc26
-rw-r--r--net/base/ssl_cipher_suite_names.h6
-rw-r--r--net/base/ssl_connection_status_flags.h15
-rw-r--r--net/base/ssl_info.h5
5 files changed, 54 insertions, 3 deletions
diff --git a/net/base/connection_type_histograms.h b/net/base/connection_type_histograms.h
index e6c2a59..e3e4a84 100644
--- a/net/base/connection_type_histograms.h
+++ b/net/base/connection_type_histograms.h
@@ -30,6 +30,11 @@ enum ConnectionType {
// in the certificate chain (excluding root)
CONNECTION_HTTP = 7, // An HTTP connection
CONNECTION_SPDY = 8, // A SPDY connection
+ CONNECTION_SSL_SSL2 = 9, // An SSL connection that uses SSL 2.0
+ CONNECTION_SSL_SSL3 = 10, // An SSL connection that uses SSL 3.0
+ CONNECTION_SSL_TLS1 = 11, // An SSL connection that uses TLS 1.0
+ CONNECTION_SSL_TLS1_1 = 12, // An SSL connection that uses TLS 1.1
+ CONNECTION_SSL_TLS1_2 = 13, // An SSL connection that uses TLS 1.2
NUM_OF_CONNECTION_TYPES
};
diff --git a/net/base/ssl_cipher_suite_names.cc b/net/base/ssl_cipher_suite_names.cc
index 2db9a4b..39efd1c 100644
--- a/net/base/ssl_cipher_suite_names.cc
+++ b/net/base/ssl_cipher_suite_names.cc
@@ -6,6 +6,8 @@
#include <stdlib.h>
+#include "base/logging.h"
+#include "net/base/ssl_connection_status_flags.h"
// Rather than storing the names of all the ciphersuites we eliminate the
// redundancy and break each cipher suite into a key exchange method, cipher
@@ -346,4 +348,28 @@ void SSLCompressionToString(const char** name, uint8 compresssion) {
}
}
+void SSLVersionToString(const char** name, int ssl_version) {
+ switch (ssl_version) {
+ case SSL_CONNECTION_VERSION_SSL2:
+ *name = "SSL 2.0";
+ break;
+ case SSL_CONNECTION_VERSION_SSL3:
+ *name = "SSL 3.0";
+ break;
+ case SSL_CONNECTION_VERSION_TLS1:
+ *name = "TLS 1.0";
+ break;
+ case SSL_CONNECTION_VERSION_TLS1_1:
+ *name = "TLS 1.1";
+ break;
+ case SSL_CONNECTION_VERSION_TLS1_2:
+ *name = "TLS 1.2";
+ break;
+ default:
+ NOTREACHED();
+ *name = "???";
+ break;
+ }
+}
+
} // namespace net
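Review bot: SSL_CONNECTION_VERSION_UNKNOWN (0) has no case in the switch in SSLVersionToString, so it falls into `default:` and reaches NOTREACHED(), even though ssl_connection_status_flags.h in this same commit defines 0 as "Unknown SSL version or SSL not used" and the declaration's comment promises "???" for an unknown version. SSLConnectionStatusToVersion() returns 0 for any status whose version bits were never set, and 6 and 7 are also representable under the 3-bit mask, so code that formats a connection status for display would presumably assert in debug builds on input the header describes as legitimate. I would add `case SSL_CONNECTION_VERSION_UNKNOWN: *name = "???"; break;` ahead of `default:` and keep NOTREACHED() only for values outside the enum. If connection_status can be restored from a cache or received from another process (not visible in this diff), the assertion should go entirely and "???" should be the plain fallback.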
diff --git a/net/base/ssl_cipher_suite_names.h b/net/base/ssl_cipher_suite_names.h
index cd61471..9241c1b 100644
--- a/net/base/ssl_cipher_suite_names.h
+++ b/net/base/ssl_cipher_suite_names.h
@@ -25,6 +25,12 @@ void SSLCipherSuiteToStrings(const char** key_exchange_str,
// If the algorithm is unknown, |name| is set to "???".
void SSLCompressionToString(const char** name, uint8 compression_method);
+// SSLVersionToString returns the name of the SSL protocol version
+// specified by |ssl_version|, which is defined in
+// net/base/ssl_connection_status_flags.h.
+// If the version is unknown, |name| is set to "???".
+void SSLVersionToString(const char** name, int ssl_version);
+
} // namespace net
#endif // NET_BASE_SSL_CIPHER_SUITE_NAMES_H_
diff --git a/net/base/ssl_connection_status_flags.h b/net/base/ssl_connection_status_flags.h
index 1b7640c..51eb884 100644
--- a/net/base/ssl_connection_status_flags.h
+++ b/net/base/ssl_connection_status_flags.h
@@ -27,6 +27,16 @@ enum {
// library that doesn't report it, like SChannel.)
SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION = 1 << 19,
+ // The next three bits are reserved for the SSL version.
+ SSL_CONNECTION_VERSION_SHIFT = 20,
+ SSL_CONNECTION_VERSION_MASK = 7,
+ SSL_CONNECTION_VERSION_UNKNOWN = 0, // Unknown SSL version or SSL not used.
+ SSL_CONNECTION_VERSION_SSL2 = 1,
+ SSL_CONNECTION_VERSION_SSL3 = 2,
+ SSL_CONNECTION_VERSION_TLS1 = 3,
+ SSL_CONNECTION_VERSION_TLS1_1 = 4,
+ SSL_CONNECTION_VERSION_TLS1_2 = 5,
+
// 1 << 31 (the sign bit) is reserved so that the SSL connection status will
// never be negative.
};
@@ -41,6 +51,11 @@ inline int SSLConnectionStatusToCompression(int connection_status) {
SSL_CONNECTION_COMPRESSION_MASK;
}
+inline int SSLConnectionStatusToVersion(int connection_status) {
+ return (connection_status >> SSL_CONNECTION_VERSION_SHIFT) &
+ SSL_CONNECTION_VERSION_MASK;
+}
+
} // namespace net
#endif // NET_BASE_SSL_CONNECTION_STATUS_FLAGS_H_
diff --git a/net/base/ssl_info.h b/net/base/ssl_info.h
index 1786b58..4c68f06 100644
--- a/net/base/ssl_info.h
+++ b/net/base/ssl_info.h
@@ -42,9 +42,8 @@ class SSLInfo {
int security_bits;
// Information about the SSL connection itself. See
- // ssl_connection_status_flags.h for values. The ciphersuite and compression
- // in use are encoded within.
- // TODO(agl): also encode the protocol version used.
+ // ssl_connection_status_flags.h for values. The protocol version,
+ // ciphersuite, and compression in use are encoded within.
int connection_status;
};