Do not roll back to SSL 3.0 for Google properties.

net/ssl/ssl_config_service.h

Index: net/ssl/ssl_config_service.h
diff --git a/net/ssl/ssl_config_service.h b/net/ssl/ssl_config_service.h
index 01c20cd610382cab4a5498ce335be1cf2b1b44a6..564f62cd28d67b5f16d72b61957886b9365ae01e 100644
--- a/net/ssl/ssl_config_service.h
+++ b/net/ssl/ssl_config_service.h
@@ -49,6 +49,14 @@ struct NET_EXPORT SSLConfig {
   bool IsAllowedBadCert(const base::StringPiece& der_cert,
                         CertStatus* cert_status) const;
 
+  // Returns the string representation of an SSL protocol version. Returns an
+  // empty string on error.
+  static std::string SSLProtocolVersionToString(uint16 version);
+
+  // Returns the SSL protocol version (as a uint16) represented by a string.
+  // Returns 0 if the string is invalid.
+  static uint16 SSLProtocolVersionFromString(const std::string& version_str);

[Ryan Sleevi, 2013/04/16 19:55:26]

This seems like a really awkward place to put this, given that we already have
net::SSLVersionToString in
http://src.chromium.org/viewvc/chrome/trunk/src/net/ssl/ssl_cipher_suite_name...

Seems like these should live there?

[thaidn_google, 2013/04/17 00:46:17]

It turns out that I don't need them here anymore. I just move them back to their
original place.

On 2013/04/16 19:55:26, Ryan Sleevi wrote:

+
   // rev_checking_enabled is true if online certificate revocation checking is
   // enabled (i.e. OCSP and CRL fetching).
   //
@@ -91,6 +99,10 @@ struct NET_EXPORT SSLConfig {
   bool channel_id_enabled;  // True if TLS channel ID extension is enabled.
   bool false_start_enabled;  // True if we'll use TLS False Start.
 
+  // True if the enforcement of minimum SSL version for preloaded HSTS
+  // entries is disabled.
+  bool ssl_version_min_preloaded_disabled;
+
   // TODO(wtc): move the following members to a new SSLParams structure.  They
   // are not SSL configuration settings.