1 files changed, 7 insertions, 2 deletions

diff --git a/net/http/http_transaction_winhttp.cc b/net/http/http_transaction_winhttp.cc
index 14d82a6..239d93d 100644
--- a/net/http/http_transaction_winhttp.cc
+++ b/net/http/http_transaction_winhttp.cc
@@ -58,6 +58,8 @@ static int TranslateOSError(DWORD error) {
     case ERROR_WINHTTP_SECURE_FAILURE:
     case SEC_E_ILLEGAL_MESSAGE:
       return ERR_SSL_PROTOCOL_ERROR;
+    case SEC_E_ALGORITHM_MISMATCH:
+      return ERR_SSL_VERSION_OR_CIPHER_MISMATCH;
     case ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED:
       return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
     case ERROR_WINHTTP_UNRECOGNIZED_SCHEME:
@@ -1343,10 +1345,13 @@ int HttpTransactionWinHttp::DidReceiveError(DWORD error,
   last_error_ = error;
   rv = TranslateOSError(error);
 
-  if (rv == ERR_SSL_PROTOCOL_ERROR &&
+  if ((rv == ERR_SSL_PROTOCOL_ERROR ||
+       rv == ERR_SSL_VERSION_OR_CIPHER_MISMATCH) &&
       !session_callback_->request_was_probably_sent() &&
       session_->tls_enabled() && !is_tls_intolerant_) {
-    // The server might be TLS intolerant.  Downgrade to SSL 3.0 and retry.
+    // The server might be TLS intolerant.  Or it might be an SSL 3.0 server
+    // that chose a TLS-only cipher suite, which we handle in the same way.
+    // Downgrade to SSL 3.0 and retry.
     is_tls_intolerant_ = true;
     if (!ReopenRequest())
       return TranslateLastOSError();