1 files changed, 14 insertions, 2 deletions

diff --git a/net/socket/ssl_client_socket_unittest.cc b/net/socket/ssl_client_socket_unittest.cc
index dce9f0a..6ab66c0 100644
--- a/net/socket/ssl_client_socket_unittest.cc
+++ b/net/socket/ssl_client_socket_unittest.cc
@@ -2506,7 +2506,8 @@ TEST_F(SSLClientSocketTest, FallbackShardSessionCache) {
             SSLConnectionStatusToVersion(ssl_info.connection_status));
 }
 
-// Test that RC4 is only enabled if rc4_enabled is set.
+// Test that RC4 is only enabled if rc4_enabled and
+// deprecated_cipher_suites_enabled are both set.
 TEST_F(SSLClientSocketTest, RC4Enabled) {
   SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.bulk_ciphers = SpawnedTestServer::SSLOptions::BULK_CIPHER_RC4;
@@ -2518,9 +2519,20 @@ TEST_F(SSLClientSocketTest, RC4Enabled) {
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
   EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
 
-  // Enabling RC4 works fine.
+  // RC4 is also not enabled in the fallback handshake.
+  ssl_config.deprecated_cipher_suites_enabled = true;
+  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+  EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
+
+  // Even if RC4 is enabled, it is not sent in the initial handshake.
+  ssl_config.deprecated_cipher_suites_enabled = false;
   ssl_config.rc4_enabled = true;
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
+  EXPECT_EQ(ERR_SSL_VERSION_OR_CIPHER_MISMATCH, rv);
+
+  // If enabled, RC4 works in the fallback handshake.
+  ssl_config.deprecated_cipher_suites_enabled = true;
+  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
   EXPECT_EQ(OK, rv);
 }