Do not roll back to SSL 3.0 for Google properties.

chrome/browser/net/ssl_config_service_manager_pref.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #include "chrome/browser/net/ssl_config_service_manager.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
@@ skipping 44 matching lines @@
       LOG(ERROR) << "Ignoring unrecognized or unparsable cipher suite: "
                  << *it;
       continue;
     }
     cipher_suites.push_back(cipher_suite);
   }
   std::sort(cipher_suites.begin(), cipher_suites.end());
   return cipher_suites;
 }
 
-// Returns the string representation of an SSL protocol version. Returns an
-// empty string on error.
-std::string SSLProtocolVersionToString(uint16 version) {
-  switch (version) {
-    case net::SSL_PROTOCOL_VERSION_SSL3:
-      return "ssl3";
-    case net::SSL_PROTOCOL_VERSION_TLS1:
-      return "tls1";
-    case net::SSL_PROTOCOL_VERSION_TLS1_1:
-      return "tls1.1";
-    case net::SSL_PROTOCOL_VERSION_TLS1_2:
-      return "tls1.2";
-    default:
-      NOTREACHED();
-      return std::string();
-  }
-}
-
-// Returns the SSL protocol version (as a uint16) represented by a string.
-// Returns 0 if the string is invalid.
-uint16 SSLProtocolVersionFromString(const std::string& version_str) {
-  uint16 version = 0;  // Invalid.
-  if (version_str == "ssl3") {
-    version = net::SSL_PROTOCOL_VERSION_SSL3;
-  } else if (version_str == "tls1") {
-    version = net::SSL_PROTOCOL_VERSION_TLS1;
-  } else if (version_str == "tls1.1") {
-    version = net::SSL_PROTOCOL_VERSION_TLS1_1;
-  } else if (version_str == "tls1.2") {
-    version = net::SSL_PROTOCOL_VERSION_TLS1_2;
-  }
-  return version;
-}
-
 }  // namespace
 
 ////////////////////////////////////////////////////////////////////////////////
 //  SSLConfigServicePref
 
 // An SSLConfigService which stores a cached version of the current SSLConfig
 // prefs, which are updated by SSLConfigServiceManagerPref when the prefs
 // change.
 class SSLConfigServicePref : public net::SSLConfigService {
  public:
@@ skipping 64 matching lines @@
 
   PrefChangeRegistrar local_state_change_registrar_;
   PrefChangeRegistrar user_prefs_change_registrar_;
 
   // The local_state prefs (should only be accessed from UI thread)
   BooleanPrefMember rev_checking_enabled_;
   StringPrefMember ssl_version_min_;
   StringPrefMember ssl_version_max_;
   BooleanPrefMember channel_id_enabled_;
   BooleanPrefMember ssl_record_splitting_disabled_;
+  BooleanPrefMember ssl_version_min_preloaded_disabled_;
 
   // The cached list of disabled SSL cipher suites.
   std::vector<uint16> disabled_cipher_suites_;
 
   // The user_prefs prefs (should only be accessed from UI thread).
   // |have_user_prefs_| will be false if no user_prefs are associated with this
   // instance.
   bool have_user_prefs_;
   BooleanPrefMember block_third_party_cookies_;
 
@@ skipping 19 matching lines @@
   rev_checking_enabled_.Init(
       prefs::kCertRevocationCheckingEnabled, local_state, local_state_callback);
   ssl_version_min_.Init(
       prefs::kSSLVersionMin, local_state, local_state_callback);
   ssl_version_max_.Init(
       prefs::kSSLVersionMax, local_state, local_state_callback);
   channel_id_enabled_.Init(
       prefs::kEnableOriginBoundCerts, local_state, local_state_callback);
   ssl_record_splitting_disabled_.Init(
       prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
+  ssl_version_min_preloaded_disabled_.Init(
+      prefs::kDisableSSLVersionMinPreloaded, local_state, local_state_callback);
 
   local_state_change_registrar_.Init(local_state);
   local_state_change_registrar_.Add(
       prefs::kCipherSuiteBlacklist, local_state_callback);
 
   OnDisabledCipherSuitesChange(local_state);
 
   if (user_prefs) {
     PrefChangeRegistrar::NamedChangeCallback user_prefs_callback = base::Bind(
         &SSLConfigServiceManagerPref::OnPreferenceChanged,
@@ skipping 12 matching lines @@
   // the IO thread trying to access it yet.
   GetSSLConfigFromPrefs(&ssl_config_service_->cached_config_);
 }
 
 // static
 void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
   net::SSLConfig default_config;
   registry->RegisterBooleanPref(prefs::kCertRevocationCheckingEnabled,
                                 default_config.rev_checking_enabled);
   std::string version_min_str =
-      SSLProtocolVersionToString(default_config.version_min);
+      net::SSLConfig::SSLProtocolVersionToString(default_config.version_min);
   std::string version_max_str =
-      SSLProtocolVersionToString(default_config.version_max);
+      net::SSLConfig::SSLProtocolVersionToString(default_config.version_max);
   registry->RegisterStringPref(prefs::kSSLVersionMin, version_min_str);
   registry->RegisterStringPref(prefs::kSSLVersionMax, version_max_str);
   registry->RegisterBooleanPref(prefs::kEnableOriginBoundCerts,
                                 default_config.channel_id_enabled);
   registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
                                 !default_config.false_start_enabled);
+  registry->RegisterBooleanPref(
+      prefs::kDisableSSLVersionMinPreloaded,
+      default_config.ssl_version_min_preloaded_disabled);
   registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
 }
 
 net::SSLConfigService* SSLConfigServiceManagerPref::Get() {
   return ssl_config_service_;
 }
 
 void SSLConfigServiceManagerPref::OnPreferenceChanged(
     PrefService* prefs,
     const std::string& pref_name_in) {
@@ skipping 18 matching lines @@
           new_config));
 }
 
 void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
     net::SSLConfig* config) {
   config->rev_checking_enabled = rev_checking_enabled_.GetValue();
   std::string version_min_str = ssl_version_min_.GetValue();
   std::string version_max_str = ssl_version_max_.GetValue();
   config->version_min = net::SSLConfigService::default_version_min();
   config->version_max = net::SSLConfigService::default_version_max();
-  uint16 version_min = SSLProtocolVersionFromString(version_min_str);
-  uint16 version_max = SSLProtocolVersionFromString(version_max_str);
+  uint16 version_min = net::SSLConfig::SSLProtocolVersionFromString(
+      version_min_str);
+  uint16 version_max = net::SSLConfig::SSLProtocolVersionFromString(
+      version_max_str);
   if (version_min) {
     // TODO(wtc): get the minimum SSL protocol version supported by the
     // SSLClientSocket class. Right now it happens to be the same as the
     // default minimum SSL protocol version because we enable all supported
     // versions by default.
     uint16 supported_version_min = config->version_min;
     config->version_min = std::max(supported_version_min, version_min);
   }
   if (version_max) {
     // TODO(wtc): get the maximum SSL protocol version supported by the
     // SSLClientSocket class.
     uint16 supported_version_max = config->version_max;
     config->version_max = std::min(supported_version_max, version_max);
   }
   config->disabled_cipher_suites = disabled_cipher_suites_;
   config->channel_id_enabled = channel_id_enabled_.GetValue();
   if (have_user_prefs_ &&
       (cookies_disabled_ || block_third_party_cookies_.GetValue()))
     config->channel_id_enabled = false;
   // disabling False Start also happens to disable record splitting.
   config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
+  config->ssl_version_min_preloaded_disabled =
+      ssl_version_min_preloaded_disabled_.GetValue();
   SSLConfigServicePref::SetSSLConfigFlags(config);
 }
 
 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(
     PrefService* local_state) {
   const ListValue* value = local_state->GetList(prefs::kCipherSuiteBlacklist);
   disabled_cipher_suites_ = ParseCipherSuites(ListValueToStringVector(value));
 }
 
 void SSLConfigServiceManagerPref::OnDefaultContentSettingsChange(
@@ skipping 15 matching lines @@
 // static
 SSLConfigServiceManager* SSLConfigServiceManager::CreateDefaultManager(
     PrefService* local_state, PrefService* user_prefs) {
   return new SSLConfigServiceManagerPref(local_state, user_prefs);
 }
 
 // static
 void SSLConfigServiceManager::RegisterPrefs(PrefRegistrySimple* registry) {
   SSLConfigServiceManagerPref::RegisterPrefs(registry);
 }