Index: components/ssl_config/ssl_config_service_manager_pref.cc |
diff --git a/components/ssl_config/ssl_config_service_manager_pref.cc b/components/ssl_config/ssl_config_service_manager_pref.cc |
index 8d8cf5ce4b90897a42b0ea1975187a0a149532e6..b0837137e56a4a171e180d82ce527ae4e70d9738 100644 |
--- a/components/ssl_config/ssl_config_service_manager_pref.cc |
+++ b/components/ssl_config/ssl_config_service_manager_pref.cc |
@@ -197,6 +197,12 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref( |
ssl_config::prefs::kRC4Enabled, |
new base::FundamentalValue(IsRC4EnabledByDefault())); |
+ // TODO(davidben): Remove this when the fallback removal has succeeded. |
Alexei Svitkine (slow)
2016/02/11 16:24:06
Nit: Can you make the comment reference a crbug?
davidben
2016/02/11 21:53:14
Done.
|
+ local_state->SetDefaultPrefValue( |
+ ssl_config::prefs::kSSLVersionFallbackMin, |
+ new base::StringValue( |
+ base::FieldTrialList::FindFullName("SSLVersionFallbackMin"))); |
davidben
2016/02/10 22:14:29
+asvitkine, could you confirm that this works for
Alexei Svitkine (slow)
2016/02/11 16:24:06
Yes this should work. However, I think it would be
davidben
2016/02/11 21:53:14
Hrm. Are you suggesting I instead do something lik
Alexei Svitkine (slow)
2016/02/11 22:02:40
If it's just a boolean, I would indeed suggest usi
|
+ |
PrefChangeRegistrar::NamedChangeCallback local_state_callback = |
base::Bind(&SSLConfigServiceManagerPref::OnPreferenceChanged, |
base::Unretained(this), local_state); |
@@ -294,7 +300,9 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs( |
uint16_t supported_version_max = config->version_max; |
config->version_max = std::min(supported_version_max, version_max); |
} |
- if (version_fallback_min) { |
+ // Values below TLS 1.1 are invalid. |
+ if (version_fallback_min && |
+ version_fallback_min >= net::SSL_PROTOCOL_VERSION_TLS1_1) { |
config->version_fallback_min = version_fallback_min; |
} |
config->disabled_cipher_suites = disabled_cipher_suites_; |