
Unified Diff: net/http/http_network_transaction.cc

Issue 14125003: Do not roll back to SSL 3.0 for Google properties. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 7 years, 8 months ago
Index: net/http/http_network_transaction.cc
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc
index 467eb940a65d7a6687b7085b3e9257f615036ab5..1981f7d3161eaff5c47884dd1bf3099a43777164 100644
--- a/net/http/http_network_transaction.cc
+++ b/net/http/http_network_transaction.cc
@@ -47,6 +47,7 @@
#include "net/http/http_stream_base.h"
#include "net/http/http_stream_factory.h"
#include "net/http/http_util.h"
+#include "net/http/transport_security_state.h"
#include "net/http/url_security_manager.h"
#include "net/socket/client_socket_factory.h"
#include "net/socket/socks_client_socket_pool.h"
@@ -177,6 +178,32 @@ int HttpNetworkTransaction::Start(const HttpRequestInfo* request_info,
proxy_ssl_config_.rev_checking_enabled = false;
}
+ // Adjust the minimum version of SSL that Chrome should use.
+ bool sni_available =
+ server_ssl_config_.version_max >= SSL_PROTOCOL_VERSION_TLS1 ||
+ server_ssl_config_.version_fallback;
+ const std::string& host = request_->url.host();
+ TransportSecurityState::DomainState domain_state;
+ if (session_->params().transport_security_state->GetDomainState(
+ host, sni_available, &domain_state)) {
+ switch (domain_state.ssl_version_min) {
+ case SSL_CONNECTION_VERSION_SSL3:
+ server_ssl_config_.version_min = SSL_PROTOCOL_VERSION_SSL3;
+ break;
+ case SSL_CONNECTION_VERSION_TLS1:
+ server_ssl_config_.version_min = SSL_PROTOCOL_VERSION_TLS1;
+ break;
+ case SSL_CONNECTION_VERSION_TLS1_1:
+ server_ssl_config_.version_min = SSL_PROTOCOL_VERSION_TLS1_1;
+ break;
+ case SSL_CONNECTION_VERSION_TLS1_2:
+ server_ssl_config_.version_min = SSL_PROTOCOL_VERSION_TLS1_2;
+ break;
+ default:
+ break;
+ }
+ }
+
next_state_ = STATE_CREATE_STREAM;
int rv = DoLoop(OK);
if (rv == ERR_IO_PENDING)
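Review bot: Each `case` in the switch assigns `server_ssl_config_.version_min` unconditionally, so a per-domain minimum lower than the value already in the config (for example the `SSL_CONNECTION_VERSION_SSL3` case when the configured minimum is TLS 1.0 or higher) would lower the floor instead of raising it. Whether that can happen depends on how `server_ssl_config_` is filled earlier in `Start`, which begins and ends outside this hunk, but the safer form is to map the domain value into a local and apply `server_ssl_config_.version_min = std::max(server_ssl_config_.version_min, domain_min);` after the switch. The `default: break;` arm also leaves the floor unchanged for any unrecognised `ssl_version_min`, which deserves a comment such as `// Unknown value: keep the configured minimum.` so that choice is explicit. It would also help to confirm that the fallback path which lowers `version_max` (not visible here) stops at the new `version_min`, since otherwise the two bounds can cross.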
