Do not roll back to SSL 3.0 for Google properties.

chrome/browser/net/ssl_config_service_manager_pref_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/net/ssl_config_service_manager.h"
 
 #include "base/command_line.h"
 #include "base/memory/ref_counted.h"
 #include "base/message_loop.h"
 #include "base/prefs/pref_registry_simple.h"
@@ skipping 202 matching lines @@
 
   SSLConfig config;
   config_service->GetSSLConfig(&config);
 
   EXPECT_NE(old_config.disabled_cipher_suites, config.disabled_cipher_suites);
   ASSERT_EQ(2u, config.disabled_cipher_suites.size());
   EXPECT_EQ(0x0004, config.disabled_cipher_suites[0]);
   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
 }
 
-// Test that without command-line settings for minimum and maximum SSL
-// versions, SSL 3.0 ~ default_version_max() are enabled.
+// Test that
+// * without command-line settings for minimum and maximum SSL versions,
+//   SSL 3.0 ~ default_version_max() are enabled;
+// * without --enable-unrestricted_ssl3-fallback,

[agl, 2013/04/19 14:41:52]

s/_/-/

[thaidn_google, 2013/04/19 18:21:11]

Done.

+//   |unrestricted_ssl3_fallback_enabled| is false.
 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 
   PrefServiceMockBuilder builder;
   builder.WithUserPrefs(local_state_store.get());
   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
   scoped_ptr<PrefService> local_state(builder.Create(registry));
 
   SSLConfigServiceManager::RegisterPrefs(registry);
 
   scoped_ptr<SSLConfigServiceManager> config_manager(
       SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL));
   ASSERT_TRUE(config_manager.get());
   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
   ASSERT_TRUE(config_service.get());
 
   SSLConfig ssl_config;
   config_service->GetSSLConfig(&ssl_config);
   // The default value in the absence of command-line options is that
   // SSL 3.0 ~ default_version_max() are enabled.
   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
   EXPECT_EQ(net::SSLConfigService::default_version_max(),
             ssl_config.version_max);
+  EXPECT_FALSE(ssl_config.unrestricted_ssl3_fallback_enabled);
 
   // The settings should not be added to the local_state.
   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
+  EXPECT_FALSE(local_state->HasPrefPath(
+      prefs::kEnableUnrestrictedSSL3Fallback));
 
   // Explicitly double-check the settings are not in the preference store.
   std::string version_min_str;
   std::string version_max_str;
   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
                                             &version_min_str));
   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
                                             &version_max_str));
+  bool unrestricted_ssl3_fallback_enabled;
+  EXPECT_FALSE(local_state_store->GetBoolean(
+      prefs::kEnableUnrestrictedSSL3Fallback,
+      &unrestricted_ssl3_fallback_enabled));
 }
 
 // Test that command-line settings for minimum and maximum SSL versions are
 // respected and that they do not persist to the preferences files.
 TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 
   CommandLine command_line(CommandLine::NO_PROGRAM);
   command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
   command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
+  command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback);
 
   PrefServiceMockBuilder builder;
   builder.WithUserPrefs(local_state_store.get());
   builder.WithCommandLine(&command_line);
   scoped_refptr<PrefRegistrySimple> registry = new PrefRegistrySimple;
   scoped_ptr<PrefService> local_state(builder.Create(registry));
 
   SSLConfigServiceManager::RegisterPrefs(registry);
 
   scoped_ptr<SSLConfigServiceManager> config_manager(
       SSLConfigServiceManager::CreateDefaultManager(local_state.get(), NULL));
   ASSERT_TRUE(config_manager.get());
   scoped_refptr<SSLConfigService> config_service(config_manager->Get());
   ASSERT_TRUE(config_service.get());
 
   SSLConfig ssl_config;
   config_service->GetSSLConfig(&ssl_config);
   // Command-line flags should be respected.
   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
+  EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
 
   // Explicitly double-check the settings are not in the preference store.
   const PrefService::Preference* version_min_pref =
       local_state->FindPreference(prefs::kSSLVersionMin);
   EXPECT_FALSE(version_min_pref->IsUserModifiable());
 
   const PrefService::Preference* version_max_pref =
       local_state->FindPreference(prefs::kSSLVersionMax);
   EXPECT_FALSE(version_max_pref->IsUserModifiable());
 
+  const PrefService::Preference* ssl3_fallback_pref =
+      local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback);
+  EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable());
+
   std::string version_min_str;
   std::string version_max_str;
   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
                                             &version_min_str));
   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
                                             &version_max_str));
+  bool unrestricted_ssl3_fallback_enabled;
+  EXPECT_FALSE(local_state_store->GetBoolean(
+      prefs::kEnableUnrestrictedSSL3Fallback,
+      &unrestricted_ssl3_fallback_enabled));
 }