Do not roll back to SSL 3.0 for Google properties.

net/http/http_network_transaction.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 29 matching lines @@
 #include "net/http/http_proxy_client_socket_pool.h"
 #include "net/http/http_request_headers.h"
 #include "net/http/http_request_info.h"
 #include "net/http/http_response_headers.h"
 #include "net/http/http_response_info.h"
 #include "net/http/http_server_properties.h"
 #include "net/http/http_status_code.h"
 #include "net/http/http_stream_base.h"
 #include "net/http/http_stream_factory.h"
 #include "net/http/http_util.h"
+#include "net/http/transport_security_state.h"
 #include "net/http/url_security_manager.h"
 #include "net/socket/client_socket_factory.h"
 #include "net/socket/socks_client_socket_pool.h"
 #include "net/socket/ssl_client_socket.h"
 #include "net/socket/ssl_client_socket_pool.h"
 #include "net/socket/transport_client_socket_pool.h"
 #include "net/spdy/spdy_http_stream.h"
 #include "net/spdy/spdy_session.h"
 #include "net/spdy/spdy_session_pool.h"
 #include "net/ssl/ssl_cert_request_info.h"
@@ skipping 1154 matching lines @@
       (error == ERR_SSL_PROTOCOL_ERROR || IsClientCertificateError(error))) {
     session_->ssl_client_auth_cache()->Remove(
         GetHostAndPort(request_->url));
   }
 
   switch (error) {
     case ERR_SSL_PROTOCOL_ERROR:
     case ERR_SSL_VERSION_OR_CIPHER_MISMATCH:
       if (server_ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 &&
           server_ssl_config_.version_max > server_ssl_config_.version_min) {
+
+        if (server_ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1 &&

[agl, 2013/04/16 15:19:24]

Can't think chunk live before the switch() and thus remove the need to duplicate
it below?

[Ryan Sleevi, 2013/04/16 19:55:26]

Yeah, I think this switch can/should be re-organized a little as part of this

uint16 version_before = server_ssl_config_.version_max;
uint16 version_max = version_before;
switch (error) {
  case ...:
  case ...:
    if (cond_a) {
       version_max = X
    }
    break;
  case ...:
  case ...:
    if (cond_b) {
      version_max = y;
    }
    break;
}

if (version_max <= SSL3 && Google) {
  // It would be good to UMA this here, right? Or are we
  // assuming this will always fail (since UMA => Google)
  // If it doesn't make sense, then just change the if/else
  // into an "if (x && !(version_max... && Google))"
} else if (version_max != version_before) {
  server_ssl_config_.version_max = version_max;
  net_log_.AddEvent(...)
  server_ssl_config_.version_fallback = true;
  ResetConn...()
  error = OK;
}

[thaidn_google, 2013/04/17 00:46:17]

Done.

+            !server_ssl_config_.ssl_version_min_preloaded_disabled &&
+            TransportSecurityState::IsGooglePinnedProperty(
+                request_->url.host(), true /* include SNI */ )) {
+          // Chrome shouldn't fallback to SSL3 for Google's properties.
+          break;
+        }
+
         // This could be a TLS-intolerant server or a server that chose a
         // cipher suite defined only for higher protocol versions (such as
         // an SSL 3.0 server that chose a TLS-only cipher suite).  Fall
         // back to the next lower version and retry.
         // NOTE: if the SSLClientSocket class doesn't support TLS 1.1,
         // specifying TLS 1.1 in version_max will result in a TLS 1.0
         // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply
         // repeat the TLS 1.0 handshake. To avoid this problem, the default
         // version_max should match the maximum protocol version supported
         // by the SSLClientSocket class.
         uint16 version_before = server_ssl_config_.version_max;
         server_ssl_config_.version_max--;
         net_log_.AddEvent(
             NetLog::TYPE_SSL_VERSION_FALLBACK,
             base::Bind(&NetLogSSLVersionFallbackCallback,
                        &request_->url, error, version_before,
                        server_ssl_config_.version_max));
         server_ssl_config_.version_fallback = true;
         ResetConnectionAndRequestForResend();
         error = OK;
       }
       break;
     case ERR_SSL_DECOMPRESSION_FAILURE_ALERT:
     case ERR_SSL_BAD_RECORD_MAC_ALERT:
       if (server_ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 &&
           server_ssl_config_.version_min == SSL_PROTOCOL_VERSION_SSL3) {
+
+        if (!server_ssl_config_.ssl_version_min_preloaded_disabled &&
+            TransportSecurityState::IsGooglePinnedProperty(
+                request_->url.host(), true /* include SNI */ )) {
+          // Chrome shouldn't fallback to SSL3 for Google's properties.
+          break;
+        }
+
         // This could be a server with buggy DEFLATE support. Turn off TLS,
         // DEFLATE support and retry.
         // TODO(wtc): turn off DEFLATE support only. Do not tie it to TLS.
         uint16 version_before = server_ssl_config_.version_max;
         server_ssl_config_.version_max = SSL_PROTOCOL_VERSION_SSL3;
         net_log_.AddEvent(
             NetLog::TYPE_SSL_VERSION_FALLBACK,
             base::Bind(&NetLogSSLVersionFallbackCallback,
                        &request_->url, error, version_before,
                        server_ssl_config_.version_max));
@@ skipping 201 matching lines @@
       description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
                                        state);
       break;
   }
   return description;
 }
 
 #undef STATE_CASE
 
 }  // namespace net