Do not roll back to SSL 3.0 for Google properties.

net/ssl/ssl_config_service.h

Index: net/ssl/ssl_config_service.h
diff --git a/net/ssl/ssl_config_service.h b/net/ssl/ssl_config_service.h
index 01c20cd610382cab4a5498ce335be1cf2b1b44a6..28266132c411bcf6c6f4888e07a4b77c1f6be36e 100644
--- a/net/ssl/ssl_config_service.h
+++ b/net/ssl/ssl_config_service.h
@@ -91,6 +91,13 @@ struct NET_EXPORT SSLConfig {
   bool channel_id_enabled;  // True if TLS channel ID extension is enabled.
   bool false_start_enabled;  // True if we'll use TLS False Start.
 
+  // If |ssl3_fallback_enabled| is false and the request is sent to a site
+  // pinned to the Google pin list (indicating that it is a Google site),
+  // SSL 3.0 fallback will be disabled.
+  // If |ssl3_fallback_enabled| is true, SSL 3.0 fallback will be enabled
+  // for all sites.

[wtc, 2013/04/18 18:15:34]

I suggest describing the "true" case before the "false" case,
and rewording the "false" case slightly to make the two cases
more symmetrical, as follows:

  // If |ssl3_fallback_enabled| is true, SSL 3.0 fallback will be enabled
  // for all sites.
  // If |ssl3_fallback_enabled| is false, SSL 3.0 fallback will be disabled
  // for a site pinned to the Google pin list (indicating that it is a
  // Google site).

+  bool ssl3_fallback_enabled;

[wtc, 2013/04/18 18:15:34]

NOTE: I still think this member name is confusing. I think
something like "permissive_ssl3_fallback_enabled" or
"ssl3_fallback_unrestricted" would be more accurate.

+
   // TODO(wtc): move the following members to a new SSLParams structure.  They
   // are not SSL configuration settings.