Remove SSL 2.0 support.

net/socket/ssl_client_socket_win.cc

 // Copyright (c) 2010 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_win.h"
 
 #include <schnlsp.h>
 #include <map>
 
 #include "base/compiler_specific.h"
@@ skipping 92 matching lines @@
       return OK;
     default:
       LOG(WARNING) << "Unknown error " << err << " mapped to net::ERR_FAILED";
       return ERR_FAILED;
   }
 }
 
 //-----------------------------------------------------------------------------
 
 // A bitmask consisting of these bit flags encodes which versions of the SSL
-// protocol (SSL 2.0, SSL 3.0, and TLS 1.0) are enabled.
+// protocol (SSL 3.0 and TLS 1.0) are enabled.
 enum {
-  SSL2 = 1 << 0,
-  SSL3 = 1 << 1,
-  TLS1 = 1 << 2,
-  SSL_VERSION_MASKS = 1 << 3  // The number of SSL version bitmasks.
+  SSL3 = 1 << 0,
+  TLS1 = 1 << 1,
+  SSL_VERSION_MASKS = 1 << 2  // The number of SSL version bitmasks.
 };
 
 // CredHandleClass simply gives a default constructor and a destructor to
 // SSPI's CredHandle type (a C struct).
 class CredHandleClass : public CredHandle {
  public:
   CredHandleClass() {
     SecInvalidateHandle(this);
   }
 
@@ skipping 74 matching lines @@
   schannel_cred.dwVersion = SCHANNEL_CRED_VERSION;
   if (client_cert) {
     schannel_cred.cCreds = 1;
     schannel_cred.paCred = &client_cert;
     // Schannel will make its own copy of client_cert.
   }
 
   // The global system registry settings take precedence over the value of
   // schannel_cred.grbitEnabledProtocols.
   schannel_cred.grbitEnabledProtocols = 0;
-  if (ssl_version_mask & SSL2)
-    schannel_cred.grbitEnabledProtocols |= SP_PROT_SSL2;
   if (ssl_version_mask & SSL3)
     schannel_cred.grbitEnabledProtocols |= SP_PROT_SSL3;
   if (ssl_version_mask & TLS1)
     schannel_cred.grbitEnabledProtocols |= SP_PROT_TLS1;
 
   // The default session lifetime is 36000000 milliseconds (ten hours).  Set
   // schannel_cred.dwSessionLifespan to change the number of milliseconds that
   // Schannel keeps the session in its session cache.
 
   // We can set the key exchange algorithms (RSA or DH) in
@@ skipping 328 matching lines @@
   if (rv == ERR_IO_PENDING) {
     user_connect_callback_ = callback;
   } else {
     net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT, NULL);
   }
   return rv;
 }
 
 int SSLClientSocketWin::InitializeSSLContext() {
   int ssl_version_mask = 0;
-  if (ssl_config_.ssl2_enabled)
-    ssl_version_mask |= SSL2;
   if (ssl_config_.ssl3_enabled)
     ssl_version_mask |= SSL3;
   if (ssl_config_.tls1_enabled)
     ssl_version_mask |= TLS1;
   // If we pass 0 to GetCredHandle, we will let Schannel select the protocols,
   // rather than enabling no protocols.  So we have to fail here.
   if (ssl_version_mask == 0)
     return ERR_NO_SSL_VERSIONS_ENABLED;
   PCCERT_CONTEXT cert_context = NULL;
   if (ssl_config_.client_cert)
@@ skipping 935 matching lines @@
     UpdateConnectionTypeHistograms(CONNECTION_SSL_MD2_CA);
 }
 
 void SSLClientSocketWin::FreeSendBuffer() {
   SECURITY_STATUS status = FreeContextBuffer(send_buffer_.pvBuffer);
   DCHECK(status == SEC_E_OK);
   memset(&send_buffer_, 0, sizeof(send_buffer_));
 }
 
 }  // namespace net