| Index: components/ssl_config/ssl_config_service_manager_pref.cc
|
| diff --git a/components/ssl_config/ssl_config_service_manager_pref.cc b/components/ssl_config/ssl_config_service_manager_pref.cc
|
| index 8d8cf5ce4b90897a42b0ea1975187a0a149532e6..af1cd0939297658a92c2a2266974f36fdc10e9ca 100644
|
| --- a/components/ssl_config/ssl_config_service_manager_pref.cc
|
| +++ b/components/ssl_config/ssl_config_service_manager_pref.cc
|
| @@ -10,6 +10,7 @@
|
| #include <vector>
|
|
|
| #include "base/bind.h"
|
| +#include "base/feature_list.h"
|
| #include "base/macros.h"
|
| #include "base/metrics/field_trial.h"
|
| #include "base/single_thread_task_runner.h"
|
| @@ -88,6 +89,10 @@ bool IsRC4EnabledByDefault() {
|
| return base::StartsWith(group_name, "Enabled", base::CompareCase::SENSITIVE);
|
| }
|
|
|
| +const base::Feature kSSLVersionFallbackTLSv11 {
|
| + "SSLVersionFallbackTLSv1.1", base::FEATURE_DISABLED_BY_DEFAULT,
|
| +};
|
| +
|
| } // namespace
|
|
|
| ////////////////////////////////////////////////////////////////////////////////
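Review bot: The new `kSSLVersionFallbackTLSv11` feature has no comment, although the constructor hunk further down shows that enabling it weakens the TLS configuration by changing the default of `ssl_config::prefs::kSSLVersionFallbackMin` to TLS 1.1. A reader who meets the constant in the anonymous namespace cannot tell that it is a temporary escape hatch, not a supported setting. I would put a comment directly above it, for example `// Temporary escape hatch: when enabled, restores the TLS 1.1 version-fallback leg.` followed by `// Disabled by default; remove together with the fallback code (https://crbug.com/536200).` The same comment could note that the value is only installed as a pref default, so presumably an explicitly set pref still takes precedence; that is inferred from the `SetDefaultPrefValue` call, not shown here.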
|
| @@ -197,6 +202,15 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
|
| ssl_config::prefs::kRC4Enabled,
|
| new base::FundamentalValue(IsRC4EnabledByDefault()));
|
|
|
| + // Restore the TLS 1.1 fallback leg if enabled via features.
|
| + // TODO(davidben): Remove this when the fallback removal has succeeded.
|
| + // https://crbug.com/536200.
|
| + if (base::FeatureList::IsEnabled(kSSLVersionFallbackTLSv11)) {
|
| + local_state->SetDefaultPrefValue(
|
| + ssl_config::prefs::kSSLVersionFallbackMin,
|
| + new base::StringValue(switches::kSSLVersionTLSv11));
|
| + }
|
| +
|
| PrefChangeRegistrar::NamedChangeCallback local_state_callback =
|
| base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged,
|
| base::Unretained(this), local_state);
|
| @@ -294,7 +308,9 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
|
| uint16_t supported_version_max = config->version_max;
|
| config->version_max = std::min(supported_version_max, version_max);
|
| }
|
| - if (version_fallback_min) {
|
| + // Values below TLS 1.1 are invalid.
|
| + if (version_fallback_min &&
|
| + version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {
|
| config->version_fallback_min = version_fallback_min;
|
| }
|
| config->disabled_cipher_suites = disabled_cipher_suites_;
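Review bot: A fallback minimum below TLS 1.1 is now dropped silently by the new `if`, so anyone who still has an older value configured gets no indication that it is being ignored. Ignoring it looks like the safe direction, since `config->version_fallback_min` keeps whatever it already held, but the comment should say so, for example `// Values below TLS 1.1 are no longer supported; ignore them and keep the built-in fallback minimum.` Consider also logging the rejected value once so a stale setting is noticed. On style, the leading `version_fallback_min &&` test is redundant if `net::SSL_PROTOCOL_VERSION_TLS1_1` is non-zero, in which case the condition reduces to `if (version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) {`. The body of `GetSSLConfigFromPrefs` starts and ends outside this hunk, so how `version_fallback_min` is parsed is not visible here.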
|
|
|