Remove the last of the TLS fallback code.

net/socket/ssl_client_socket_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket.h"
 
 #include <errno.h>
 #include <string.h>
 
 #include <utility>
@@ skipping 1209 matching lines @@
   // Number of bytes received on the network after the handshake should be
   // higher than the number of encrypted bytes read.
   EXPECT_GE(sock->GetTotalReceivedBytes() - network_bytes_read_during_handshake,
             unencrypted_bytes_read);
 
   // The peer should have cleanly closed the connection with a close_notify.
   EXPECT_EQ(0, rv);
 }
 
 // Tests that SSLClientSocket properly handles when the underlying transport
-// synchronously fails a transport read in during the handshake. The error code
-// should be preserved so SSLv3 fallback logic can condition on it.
+// synchronously fails a transport read in during the handshake.
 TEST_F(SSLClientSocketTest, Connect_WithSynchronousError) {
   ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
 
   TestCompletionCallback callback;
   std::unique_ptr<StreamSocket> real_transport(
       new TCPClientSocket(addr(), NULL, NULL, NetLog::Source()));
   std::unique_ptr<SynchronousErrorStreamSocket> transport(
       new SynchronousErrorStreamSocket(std::move(real_transport)));
   int rv = callback.GetResult(transport->Connect(callback.callback()));
   EXPECT_THAT(rv, IsOk());
@@ skipping 1378 matching lines @@
   cert_verifier_->set_default_result(OK);
 
   // The next connection should perform a full handshake.
   ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
   ASSERT_THAT(rv, IsOk());
   SSLInfo ssl_info;
   ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
   EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
 }
 
-// Tests that session caches are sharded by max_version.
-TEST_F(SSLClientSocketTest, FallbackShardSessionCache) {
-  ASSERT_TRUE(StartTestServer(SpawnedTestServer::SSLOptions()));
-
-  // Prepare a normal and fallback SSL config.
-  SSLConfig ssl_config;
-  SSLConfig fallback_ssl_config;
-  fallback_ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1;
-  fallback_ssl_config.version_fallback_min = SSL_PROTOCOL_VERSION_TLS1;
-  fallback_ssl_config.version_fallback = true;
-
-  // Connect with a fallback config from the test server to add an entry to the
-  // session cache.
-  int rv;
-  ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv));
-  EXPECT_THAT(rv, IsOk());
-  SSLInfo ssl_info;
-  EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
-  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
-  EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
-            SSLConnectionStatusToVersion(ssl_info.connection_status));
-
-  // A non-fallback connection needs a full handshake.
-  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
-  EXPECT_THAT(rv, IsOk());
-  EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
-  EXPECT_EQ(SSLInfo::HANDSHAKE_FULL, ssl_info.handshake_type);
-  EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1_2,
-            SSLConnectionStatusToVersion(ssl_info.connection_status));
-
-  // Note: if the server (correctly) declines to resume a TLS 1.0 session at TLS
-  // 1.2, the above test would not be sufficient to prove the session caches are
-  // sharded. Implementations vary here, so, to avoid being sensitive to this,
-  // attempt to resume with two more connections.
-
-  // The non-fallback connection added a > TLS 1.0 entry to the session cache.
-  ASSERT_TRUE(CreateAndConnectSSLClientSocket(ssl_config, &rv));
-  EXPECT_THAT(rv, IsOk());
-  EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
-  EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
-  // This does not check for equality because TLS 1.2 support is conditional on
-  // system NSS features.
-  EXPECT_LT(SSL_CONNECTION_VERSION_TLS1,
-            SSLConnectionStatusToVersion(ssl_info.connection_status));
-
-  // The fallback connection still resumes from its session cache. It cannot
-  // offer the > TLS 1.0 session, so this must have been the session from the
-  // first fallback connection.
-  ASSERT_TRUE(CreateAndConnectSSLClientSocket(fallback_ssl_config, &rv));
-  EXPECT_THAT(rv, IsOk());
-  EXPECT_TRUE(sock_->GetSSLInfo(&ssl_info));
-  EXPECT_EQ(SSLInfo::HANDSHAKE_RESUME, ssl_info.handshake_type);
-  EXPECT_EQ(SSL_CONNECTION_VERSION_TLS1,
-            SSLConnectionStatusToVersion(ssl_info.connection_status));
-}
-
 // Test that DHE is removed but gives a dedicated error. Also test that the
 // dhe_enabled option can restore it.
 TEST_F(SSLClientSocketTest, DHE) {
   SpawnedTestServer::SSLOptions ssl_options;
   ssl_options.key_exchanges =
       SpawnedTestServer::SSLOptions::KEY_EXCHANGE_DHE_RSA;
   ASSERT_TRUE(StartTestServer(ssl_options));
 
   // Normal handshakes with DHE do not work, with or without DHE enabled.
   SSLConfig ssl_config;
@@ skipping 731 matching lines @@
   ASSERT_TRUE(sock_->GetSSLInfo(&ssl_info));
 
   EXPECT_THAT(rv, IsError(ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN));
   EXPECT_TRUE(ssl_info.cert_status & CERT_STATUS_PINNED_KEY_MISSING);
   EXPECT_TRUE(ssl_info.cert_status &
               CERT_STATUS_CERTIFICATE_TRANSPARENCY_REQUIRED);
   EXPECT_TRUE(sock_->IsConnected());
 }
 
 }  // namespace net