From 02d1d4480b811b26d3e80aecf4a4f4777de858de Mon Sep 17 00:00:00 2001
From: "wtc@chromium.org"
Date: Sat, 10 Aug 2013 13:38:26 +0000
Subject: Handle the TLS version fallback on the bad_record_mac alert error in http_network_transaction.cc, so that it applies to SSLClientSockets based on both NSS and OpenSSL.

R=agl@chromium.org,rsleevi@chromium.org
BUG=260358
TEST=net_unittests, plus manual testing: visit https://www.web-secured.com/. Should get a successful TLS 1.0 connection, rather than ERR_SSL_BAD_RECORD_MAC_ALERT.
Review URL: https://chromiumcodereview.appspot.com/22633004
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@216836 0039d316-1c4b-4281-b951-d872f2087c98
---
 net/socket/ssl_client_socket_nss.cc | 9 ---------
 1 file changed, 9 deletions(-)
(limited to 'net/socket')
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index d1f2832..72154bb 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1861,15 +1861,6 @@ int SSLClientSocketNSS::Core::DoHandshake() {
 net_error = ERR_SSL_PROTOCOL_ERROR;
 }

- // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or 1.2
- // ClientHello, but then return a bad-record-MAC alert. See
- // crbug.com/260358. In order to make the fallback as minimal as possible,
- // this fallback is only triggered for >= TLS 1.1.
- if (net_error == ERR_SSL_BAD_RECORD_MAC_ALERT &&
- ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1_1) {
- net_error = ERR_SSL_PROTOCOL_ERROR;
- }
-
 // If not done, stay in this state
 if (net_error == ERR_IO_PENDING) {
 GotoState(STATE_HANDSHAKE);
--
cgit v1.1