Only record fallback metrics on successful requests.

net/http/http_network_transaction.cc

Index: net/http/http_network_transaction.cc
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 9bf323d99c9a1599c3c20b28d5cf48e545af29bc..9d779a88d9d349808a5063d283e51a3bfc2c68e7 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -786,6 +786,8 @@ int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
     CopyConnectionAttemptsFromStreamRequest();
 
   if (result == OK) {
+    if (request_->url.SchemeIsCryptographic())
+      RecordSSLFallbackMetrics();
     next_state_ = STATE_INIT_STREAM;
     DCHECK(stream_.get());
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
@@ -1530,6 +1532,50 @@ void HttpNetworkTransaction::ResetStateForAuthRestart() {
   establishing_tunnel_ = false;
 }
 
+void HttpNetworkTransaction::RecordSSLFallbackMetrics() {
+  // Note: these values are used in histograms, so new values must be appended.
+  enum FallbackVersion {
+    FALLBACK_NONE = 0,    // SSL version fallback did not occur.
+    FALLBACK_SSL3 = 1,    // Fell back to SSL 3.0.
+    FALLBACK_TLS1 = 2,    // Fell back to TLS 1.0.
+    FALLBACK_TLS1_1 = 3,  // Fell back to TLS 1.1.
+    FALLBACK_MAX,
+  };
+
+  FallbackVersion fallback = FALLBACK_NONE;
+  if (server_ssl_config_.version_fallback) {
+    switch (server_ssl_config_.version_max) {
+      case SSL_PROTOCOL_VERSION_SSL3:
+        fallback = FALLBACK_SSL3;
+        break;
+      case SSL_PROTOCOL_VERSION_TLS1:
+        fallback = FALLBACK_TLS1;
+        break;
+      case SSL_PROTOCOL_VERSION_TLS1_1:
+        fallback = FALLBACK_TLS1_1;
+        break;
+      default:
+        NOTREACHED();
+    }
+  }
+  UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback2", fallback,
+                            FALLBACK_MAX);
+
+  // We also wish to measure the amount of fallback connections for a host that
+  // we know implements TLS up to 1.2. Ideally there would be no fallback here
+  // but high numbers of SSLv3 would suggest that SSLv3 fallback is being
+  // caused by network middleware rather than buggy HTTPS servers.

[Ryan Sleevi, 2015/05/02 00:37:34]

Update this comment to reflect your explanation then?

[davidben, 2015/05/04 17:51:17]

Done.

+  const std::string& host = request_->url.host();
+  if (EndsWith(host, "google.com", true) &&
+      (host.size() == 10 || host[host.size() - 11] == '.')) {
+    UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2",
+                              fallback, FALLBACK_MAX);
+  }
+
+  UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2",
+                        server_ssl_config_.enable_deprecated_cipher_suites);
+}
+
 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
   return response_.headers.get();
 }