Index: components/ssl_config/ssl_config_service_manager_pref_unittest.cc |
diff --git a/components/ssl_config/ssl_config_service_manager_pref_unittest.cc b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc |
index 72b881809acad96d1736a1234a7ad7956981eaab..c15e72b067492b1d3c9da2a09c5c2c4cfa171d94 100644 |
--- a/components/ssl_config/ssl_config_service_manager_pref_unittest.cc |
+++ b/components/ssl_config/ssl_config_service_manager_pref_unittest.cc |
@@ -4,7 +4,11 @@ |
#include "components/ssl_config/ssl_config_service_manager.h" |
+#include <utility> |
+ |
+#include "base/feature_list.h" |
#include "base/memory/ref_counted.h" |
+#include "base/memory/scoped_ptr.h" |
#include "base/message_loop/message_loop.h" |
#include "base/thread_task_runner_handle.h" |
#include "base/values.h" |
@@ -173,3 +177,49 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoSSL3) { |
// The command-line option must not have been honored. |
EXPECT_LE(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min); |
} |
+ |
+// Tests that fallback beyond TLS 1.0 cannot be re-enabled. |
+TEST_F(SSLConfigServiceManagerPrefTest, NoTLS1Fallback) { |
+ scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore()); |
+ |
+ TestingPrefServiceSimple local_state; |
+ local_state.SetUserPref(ssl_config::prefs::kSSLVersionFallbackMin, |
+ new base::StringValue("tls1")); |
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
+ |
+ scoped_ptr<SSLConfigServiceManager> config_manager( |
+ SSLConfigServiceManager::CreateDefaultManager( |
+ &local_state, base::ThreadTaskRunnerHandle::Get())); |
+ ASSERT_TRUE(config_manager.get()); |
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
+ ASSERT_TRUE(config_service.get()); |
+ |
+ SSLConfig ssl_config; |
+ config_service->GetSSLConfig(&ssl_config); |
+ // The command-line option must not have been honored. |
+ EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_2, ssl_config.version_fallback_min); |
+} |
+ |
+// Tests that the TLS 1.1 fallback may be re-enabled via features. |
+TEST_F(SSLConfigServiceManagerPrefTest, TLSFallbackFeature) { |
+ // Toggle the feature. |
+ base::FeatureList::ClearInstanceForTesting(); |
+ scoped_ptr<base::FeatureList> feature_list(new base::FeatureList); |
+ feature_list->InitializeFromCommandLine("SSLVersionFallbackTLSv1.1", |
+ std::string()); |
+ base::FeatureList::SetInstance(std::move(feature_list)); |
+ |
+ TestingPrefServiceSimple local_state; |
+ SSLConfigServiceManager::RegisterPrefs(local_state.registry()); |
+ |
+ scoped_ptr<SSLConfigServiceManager> config_manager( |
+ SSLConfigServiceManager::CreateDefaultManager( |
+ &local_state, base::ThreadTaskRunnerHandle::Get())); |
+ scoped_refptr<SSLConfigService> config_service(config_manager->Get()); |
+ ASSERT_TRUE(config_service.get()); |
+ |
+ // The feature should have switched the default version_fallback_min value. |
+ SSLConfig ssl_config; |
+ config_service->GetSSLConfig(&ssl_config); |
+ EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1_1, ssl_config.version_fallback_min); |
+} |