OLD | NEW |
| (Empty) |
1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef NET_SSL_SSL_FAILURE_STATE_H_ | |
6 #define NET_SSL_SSL_FAILURE_STATE_H_ | |
7 | |
8 namespace net { | |
9 | |
10 // Describes the most likely cause for the TLS handshake failure. This is an | |
11 // approximation used to classify the causes of TLS version fallback. These | |
12 // values are used in histograms, so new values must be appended. | |
13 enum SSLFailureState { | |
14 // The connection was successful. | |
15 SSL_FAILURE_NONE = 0, | |
16 | |
17 // The connection failed for unknown reasons. | |
18 SSL_FAILURE_UNKNOWN = 1, | |
19 | |
20 // The connection failed after sending ClientHello and before receiving | |
21 // ServerHello. | |
22 SSL_FAILURE_CLIENT_HELLO = 2, | |
23 | |
24 // The connection failed after negotiating TLS_RSA_WITH_AES_128_GCM_SHA256 or | |
25 // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and completing the client's second | |
26 // leg. Some Microsoft IIS servers fail at this point. See | |
27 // https://crbug.com/433406. | |
28 SSL_FAILURE_BUGGY_GCM = 3, | |
29 | |
30 // The connection failed after CertificateVerify was sent. Some servers are | |
31 // known to incorrectly implement TLS 1.2 client auth. | |
32 SSL_FAILURE_CLIENT_AUTH = 4, | |
33 | |
34 // The connection failed because the server attempted to resume a session at | |
35 // the wrong version. Some versions of OpenSSL may do this in rare | |
36 // circumstances. See https://crbug.com/441456 | |
37 SSL_FAILURE_SESSION_MISMATCH = 5, | |
38 | |
39 // The connection failed after sending the NextProto message. Some F5 servers | |
40 // fail to parse such messages in TLS 1.1 and TLS 1.2, but not 1.0. See | |
41 // https://crbug.com/466977. | |
42 SSL_FAILURE_NEXT_PROTO = 6, | |
43 | |
44 SSL_FAILURE_MAX, | |
45 }; | |
46 | |
47 } // namespace net | |
48 | |
49 #endif // NET_SSL_SSL_FAILURE_STATE_H_ | |
OLD | NEW |