Enable AES_256_GCM ciphers.

net/ssl/ssl_config.h

Index: net/ssl/ssl_config.h
diff --git a/net/ssl/ssl_config.h b/net/ssl/ssl_config.h
index 0a5a83d803357ef7bf7ad681257182e42793df0e..21f4cccbdf831b50f53ddf7a05a0d88804678714 100644
--- a/net/ssl/ssl_config.h
+++ b/net/ssl/ssl_config.h
@@ -97,19 +97,6 @@ struct NET_EXPORT SSLConfig {
   // Presorted list of cipher suites which should be explicitly prevented from
   // being used in addition to those disabled by the net built-in policy.
   //
-  // By default, all cipher suites supported by the underlying SSL
-  // implementation will be enabled except for:

[davidben, 2016/03/08 01:42:16]

This comment isn't terribly meaningful anymore since BoringSSL doesn't implement
most of this to begin with.

-  // - Null encryption cipher suites.
-  // - Weak cipher suites: < 80 bits of security strength.
-  // - FORTEZZA cipher suites (obsolete).
-  // - IDEA cipher suites (RFC 5469 explains why).
-  // - Anonymous cipher suites.
-  // - ECDSA cipher suites on platforms that do not support ECDSA signed
-  //   certificates, as servers may use the presence of such ciphersuites as a
-  //   hint to send an ECDSA certificate.
-  // The ciphers listed in |disabled_cipher_suites| will be removed in addition
-  // to the above list.
-  //
   // Though cipher suites are sent in TLS as "uint8_t CipherSuite[2]", in
   // big-endian form, they should be declared in host byte order, with the
   // first uint8_t occupying the most significant byte.