TLS CECPQ1 (experimental post-quantum) ciphers.

net/socket/ssl_client_socket_impl.cc

Index: net/socket/ssl_client_socket_impl.cc
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 487a406d1f7124593946c9f640526636e0fac185..87226c6163ff779f4afc34988bc4738f8411b0d5 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -966,8 +966,27 @@ int SSLClientSocketImpl::Init() {
   // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
   // supported. As DHE is being deprecated, don't add a cipher only to remove it
   // immediately.
-  std::string command(
-      "DEFAULT:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
+  std::string command;
+// These are experimental, non-standard ciphersuites.  They are part of an

[agl, 2016/06/28 22:14:39]

begin line with two spaces.

[mab, 2016/06/28 22:40:58]

(moot)

+// experiment in post-quantum cryptography.  They're not intended to
+// represent a de-facto standard, and will be removed from BoringSSL in
+// ~2018.
+#if !defined(OS_ANDROID) && !defined(OS_IOS)
+  if (EVP_has_aes_hardware()) {
+    command.append(
+        "CECPQ1-RSA-AES256-GCM-SHA384:"
+        "CECPQ1-ECDSA-AES256-GCM-SHA384:");
+  }
+  command.append(
+      "CECPQ1-RSA-CHACHA20-POLY1305-SHA256:"
+      "CECPQ1-ECDSA-CHACHA20-POLY1305-SHA256:");
+  if (!EVP_has_aes_hardware()) {
+    command.append(
+        "CECPQ1-RSA-AES256-GCM-SHA384:"
+        "CECPQ1-ECDSA-AES256-GCM-SHA384:");
+  }
+#endif
+  command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
 
   if (ssl_config_.require_ecdhe)
     command.append(":!kRSA:!kDHE");