Remove RC4 by default.

net/ssl/ssl_config.h

Index: net/ssl/ssl_config.h
diff --git a/net/ssl/ssl_config.h b/net/ssl/ssl_config.h
index cd83ea5d797402e141fe23180e1cdbb3082e328a..25a66f700022de83ba8ec34671dd7749121eeeb6 100644
--- a/net/ssl/ssl_config.h
+++ b/net/ssl/ssl_config.h
@@ -109,8 +109,18 @@ struct NET_EXPORT SSLConfig {
   // disable TLS_ECDH_ECDSA_WITH_RC4_128_SHA, specify 0xC002.
   std::vector<uint16> disabled_cipher_suites;
 
-  // Enables deprecated cipher suites. Currently, RC4 is deprecated.
-  bool enable_deprecated_cipher_suites;
+  // Enables deprecated cipher suites. These cipher suites are selected under a
+  // fallback to distinguish servers which require them from servers which
+  // merely prefer them.
+  //
+  // NOTE: because they are under a fallback, connections are still vulnerable
+  // to them as far as downgrades are concerned, so this should only be used for
+  // measurement of ciphers not to be carried long-term. It is no fix for
+  // servers with bad configurations without full removal.
+  bool deprecated_cipher_suites_enabled;
+
+  // Enables RC4 cipher suites.
+  bool rc4_enabled;
 
   bool channel_id_enabled;   // True if TLS channel ID extension is enabled.
   bool false_start_enabled;  // True if we'll use TLS False Start.