Only record fallback metrics on successful requests.

net/http/http_network_transaction.cc

Index: net/http/http_network_transaction.cc
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 9bf323d99c9a1599c3c20b28d5cf48e545af29bc..7cef96778ac4602edf2936a124877c4618ea114e 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -786,6 +786,8 @@ int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
     CopyConnectionAttemptsFromStreamRequest();
 
   if (result == OK) {
+    if (request_->url.SchemeIs("https"))
+      RecordSSLFallbackMetrics();
     next_state_ = STATE_INIT_STREAM;
     DCHECK(stream_.get());
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
@@ -1530,6 +1532,50 @@ void HttpNetworkTransaction::ResetStateForAuthRestart() {
   establishing_tunnel_ = false;
 }
 
+void HttpNetworkTransaction::RecordSSLFallbackMetrics() {
+  enum FallbackVersion {
+    FALLBACK_NONE = 0,    // SSL version fallback did not occur.
+    FALLBACK_SSL3 = 1,    // Fell back to SSL 3.0.
+    FALLBACK_TLS1 = 2,    // Fell back to TLS 1.0.
+    FALLBACK_TLS1_1 = 3,  // Fell back to TLS 1.1.
+    FALLBACK_MAX,
+  };
+
+  FallbackVersion fallback = FALLBACK_NONE;
+  if (server_ssl_config_.version_fallback) {
+    switch (server_ssl_config_.version_max) {
+      case SSL_PROTOCOL_VERSION_SSL3:
+        fallback = FALLBACK_SSL3;
+        break;
+      case SSL_PROTOCOL_VERSION_TLS1:
+        fallback = FALLBACK_TLS1;
+        break;
+      case SSL_PROTOCOL_VERSION_TLS1_1:
+        fallback = FALLBACK_TLS1_1;
+        break;
+      default:
+        NOTREACHED();
+    }
+  }
+  UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback2", fallback,
+                            FALLBACK_MAX);
+
+  // We also wish to measure the amount of fallback connections for a host that
+  // we know implements TLS up to 1.2. Ideally there would be no fallback here
+  // but high numbers of SSLv3 would suggest that SSLv3 fallback is being
+  // caused by network middleware rather than buggy HTTPS servers.
+  const std::string& host = request_->url.host();
+  if (host.size() >= 10 &&
+      host.compare(host.size() - 10, 10, "google.com") == 0 &&
+      (host.size() == 10 || host[host.size() - 11] == '.')) {

[Alexei Svitkine (slow), 2015/05/01 17:41:30]

Nit: Can you just use EndsWith()?

[davidben, 2015/05/01 22:50:54]

I just copied that from the original code. :-) Switched it to EndsWith.

+    UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2",
+                              fallback, FALLBACK_MAX);
+  }
+
+  UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2",
+                        server_ssl_config_.enable_deprecated_cipher_suites);
+}
+
 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
   return response_.headers.get();
 }