
Unified Diff: net/socket/ssl_client_socket_impl.cc

Issue 2382983002: Remove the last of the TLS fallback code. (Closed)
Patch Set: Created 4 years, 3 months ago
Index: net/socket/ssl_client_socket_impl.cc
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 117a574a1c03e8a6bade533ddb088d48809fdfe9..edf72f83ca34ad8272581fb908e3547e1c92eccf 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -795,9 +795,6 @@ bool SSLClientSocketImpl::GetSSLInfo(SSLInfo* ssl_info) {
if (!SSL_get_secure_renegotiation_support(ssl_))
ssl_info->connection_status |= SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION;
- if (ssl_config_.version_fallback)
- ssl_info->connection_status |= SSL_CONNECTION_VERSION_FALLBACK;
mmenke 2016/10/03 16:01:03 Can we remove SSL_CONNECTION_VERSION_FALLBACK from
davidben 2016/10/03 19:09:24 Done. Note this changes behavior slightly, but I t
mmenke 2016/10/03 20:12:01 I think it's fine, but I'd also be fine with dropp
-
ssl_info->handshake_type = SSL_session_reused(ssl_)
? SSLInfo::HANDSHAKE_RESUME
: SSLInfo::HANDSHAKE_FULL;
@@ -971,8 +968,6 @@ int SSLClientSocketImpl::Init() {
mode.ConfigureFlag(SSL_MODE_ENABLE_FALSE_START,
ssl_config_.false_start_enabled);
- mode.ConfigureFlag(SSL_MODE_SEND_FALLBACK_SCSV, ssl_config_.version_fallback);
-
SSL_set_mode(ssl_, mode.set_mask);
SSL_clear_mode(ssl_, mode.clear_mask);
@@ -1157,11 +1152,6 @@ int SSLClientSocketImpl::DoHandshakeComplete(int result) {
if (result < 0)
return result;
- if (ssl_config_.version_fallback &&
- ssl_config_.version_max < ssl_config_.version_fallback_min) {
- return ERR_SSL_FALLBACK_BEYOND_MINIMUM_VERSION;
- }
-
// DHE is offered on the deprecated cipher fallback and then rejected
// afterwards. This is to aid in diagnosing connection failures because a
// server requires DHE ciphers.
@@ -2030,26 +2020,6 @@ std::string SSLClientSocketImpl::GetSessionCacheKey() const {
result.append("/");
result.append(ssl_session_cache_shard_);
- // Shard the session cache based on maximum protocol version. This causes
- // fallback connections to use a separate session cache.
- result.append("/");
- switch (ssl_config_.version_max) {
- case SSL_PROTOCOL_VERSION_TLS1:
- result.append("tls1");
- break;
- case SSL_PROTOCOL_VERSION_TLS1_1:
- result.append("tls1.1");
- break;
- case SSL_PROTOCOL_VERSION_TLS1_2:
- result.append("tls1.2");
- break;
- case SSL_PROTOCOL_VERSION_TLS1_3:
- result.append("tls1.3");
- break;
- default:
- NOTREACHED();
- }
-
result.append("/");
if (ssl_config_.deprecated_cipher_suites_enabled)
result.append("deprecated");
