Index: net/http/http_network_transaction.cc |
diff --git a/net/http/http_network_transaction.cc b/net/http/http_network_transaction.cc |
index e719a839c5b91e37096a55620c019f4255a1430a..2e131347450c7b11bf2ce8ad1e6ae23a8d7dee8e 100644 |
--- a/net/http/http_network_transaction.cc |
+++ b/net/http/http_network_transaction.cc |
@@ -74,14 +74,12 @@ namespace { |
std::unique_ptr<base::Value> NetLogSSLVersionFallbackCallback( |
const GURL* url, |
int net_error, |
- SSLFailureState ssl_failure_state, |
uint16_t version_before, |
uint16_t version_after, |
NetLogCaptureMode /* capture_mode */) { |
std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue()); |
dict->SetString("host_and_port", GetHostAndPort(*url)); |
dict->SetInteger("net_error", net_error); |
- dict->SetInteger("ssl_failure_state", ssl_failure_state); |
dict->SetInteger("version_before", version_before); |
dict->SetInteger("version_after", version_after); |
return std::move(dict); |
@@ -110,9 +108,7 @@ HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority, |
request_(NULL), |
priority_(priority), |
headers_valid_(false), |
- server_ssl_failure_state_(SSL_FAILURE_NONE), |
fallback_error_code_(ERR_SSL_INAPPROPRIATE_FALLBACK), |
- fallback_failure_state_(SSL_FAILURE_NONE), |
request_headers_(), |
read_buf_len_(0), |
total_received_bytes_(0), |
@@ -500,14 +496,12 @@ void HttpNetworkTransaction::OnWebSocketHandshakeStreamReady( |
} |
void HttpNetworkTransaction::OnStreamFailed(int result, |
- const SSLConfig& used_ssl_config, |
- SSLFailureState ssl_failure_state) { |
+ const SSLConfig& used_ssl_config) { |
DCHECK_EQ(STATE_CREATE_STREAM_COMPLETE, next_state_); |
DCHECK_NE(OK, result); |
DCHECK(stream_request_.get()); |
DCHECK(!stream_.get()); |
server_ssl_config_ = used_ssl_config; |
- server_ssl_failure_state_ = ssl_failure_state; |
OnIOComplete(result); |
} |
@@ -1487,10 +1481,8 @@ int HttpNetworkTransaction::HandleSSLHandshakeError(int error) { |
net_log_.AddEvent( |
NetLog::TYPE_SSL_VERSION_FALLBACK, |
base::Bind(&NetLogSSLVersionFallbackCallback, &request_->url, error, |
- server_ssl_failure_state_, server_ssl_config_.version_max, |
- version_max)); |
+ server_ssl_config_.version_max, version_max)); |
fallback_error_code_ = error; |
- fallback_failure_state_ = server_ssl_failure_state_; |
server_ssl_config_.version_max = version_max; |
server_ssl_config_.version_fallback = true; |
ResetConnectionAndRequestForResend(); |
@@ -1582,71 +1574,11 @@ void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() { |
} |
void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) { |
- if (result != OK && result != ERR_SSL_INAPPROPRIATE_FALLBACK) |
- return; |
- |
- const std::string& host = request_->url.host(); |
- bool is_google = base::EndsWith(host, "google.com", |
- base::CompareCase::SENSITIVE) && |
- (host.size() == 10 || host[host.size() - 11] == '.'); |
- if (is_google) { |
- // Some fraction of successful connections use the fallback, but only due to |
- // a spurious network failure. To estimate this fraction, compare handshakes |
- // to Google servers which succeed against those that fail with an |
- // inappropriate_fallback alert. Google servers are known to implement |
- // FALLBACK_SCSV, so a spurious network failure while connecting would |
- // trigger the fallback, successfully connect, but fail with this alert. |
- UMA_HISTOGRAM_BOOLEAN("Net.GoogleConnectionInappropriateFallback", |
- result == ERR_SSL_INAPPROPRIATE_FALLBACK); |
- } |
- |
if (result != OK) |
return; |
- // Note: these values are used in histograms, so new values must be appended. |
- enum FallbackVersion { |
- FALLBACK_NONE = 0, // SSL version fallback did not occur. |
- // Obsolete: FALLBACK_SSL3 = 1, |
- FALLBACK_TLS1 = 2, // Fell back to TLS 1.0. |
- FALLBACK_TLS1_1 = 3, // Fell back to TLS 1.1. |
- FALLBACK_MAX, |
- }; |
- |
- FallbackVersion fallback = FALLBACK_NONE; |
- if (server_ssl_config_.version_fallback) { |
- switch (server_ssl_config_.version_max) { |
- case SSL_PROTOCOL_VERSION_TLS1: |
- fallback = FALLBACK_TLS1; |
- break; |
- case SSL_PROTOCOL_VERSION_TLS1_1: |
- fallback = FALLBACK_TLS1_1; |
- break; |
- default: |
- NOTREACHED(); |
- } |
- } |
- UMA_HISTOGRAM_ENUMERATION("Net.ConnectionUsedSSLVersionFallback2", fallback, |
- FALLBACK_MAX); |
- |
- // Google servers are known to implement TLS 1.2 and FALLBACK_SCSV, so it |
- // should be impossible to successfully connect to them with the fallback. |
- // This helps estimate intolerant locally-configured SSL MITMs. |
- if (is_google) { |
- UMA_HISTOGRAM_ENUMERATION("Net.GoogleConnectionUsedSSLVersionFallback2", |
- fallback, FALLBACK_MAX); |
- } |
- |
UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2", |
server_ssl_config_.deprecated_cipher_suites_enabled); |
davidben
2016/06/24 00:33:28
Left this around for now. I didn't end up using it
|
- |
- if (server_ssl_config_.version_fallback) { |
- // Record the error code which triggered the fallback and the state the |
- // handshake was in. |
- UMA_HISTOGRAM_SPARSE_SLOWLY("Net.SSLFallbackErrorCode", |
- -fallback_error_code_); |
- UMA_HISTOGRAM_ENUMERATION("Net.SSLFallbackFailureState", |
- fallback_failure_state_, SSL_FAILURE_MAX); |
- } |
} |
HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const { |