blob: 5f43e0ab43458f1c86633fc08e1672329e941827 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
// Copyright 2015 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_SSL_SSL_FAILURE_STATE_H_
#define NET_SSL_SSL_FAILURE_STATE_H_
namespace net {
// Describes the most likely cause for the TLS handshake failure. This is an
// approximation used to classify the causes of TLS version fallback. These
// values are used in histograms, so new values must be appended.
enum SSLFailureState {
// The connection was successful.
SSL_FAILURE_NONE = 0,
// The connection failed for unknown reasons.
SSL_FAILURE_UNKNOWN = 1,
// The connection failed after sending ClientHello and before receiving
// ServerHello.
SSL_FAILURE_CLIENT_HELLO = 2,
// The connection failed after negotiating TLS_RSA_WITH_AES_128_GCM_SHA256 or
// TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and completing the client's second
// leg. Some Microsoft IIS servers fail at this point. See
// https://crbug.com/433406.
SSL_FAILURE_BUGGY_GCM = 3,
// The connection failed after CertificateVerify was sent. Some servers are
// known to incorrectly implement TLS 1.2 client auth.
SSL_FAILURE_CLIENT_AUTH = 4,
// The connection failed because the server attempted to resume a session at
// the wrong version. Some versions of OpenSSL may do this in rare
// circumstances. See https://crbug.com/441456
SSL_FAILURE_SESSION_MISMATCH = 5,
// The connection failed after sending the NextProto message. Some F5 servers
// fail to parse such messages in TLS 1.1 and TLS 1.2, but not 1.0. See
// https://crbug.com/466977.
SSL_FAILURE_NEXT_PROTO = 6,
SSL_FAILURE_MAX,
};
} // namespace net
#endif // NET_SSL_SSL_FAILURE_STATE_H_
|
