net: remove TLS fallback for Google properties.

net/http/http_network_transaction.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <set>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 1225 matching lines @@
         // cipher suite defined only for higher protocol versions (such as
         // an SSL 3.0 server that chose a TLS-only cipher suite).  Fall
         // back to the next lower version and retry.
         // NOTE: if the SSLClientSocket class doesn't support TLS 1.1,
         // specifying TLS 1.1 in version_max will result in a TLS 1.0
         // handshake, so falling back from TLS 1.1 to TLS 1.0 will simply
         // repeat the TLS 1.0 handshake. To avoid this problem, the default
         // version_max should match the maximum protocol version supported
         // by the SSLClientSocket class.
         version_max--;
-
-        // Fallback to the lower SSL version.
-        // While SSL 3.0 fallback should be eliminated because of security
-        // reasons, there is a high risk of breaking the servers if this is
-        // done in general.
-        // For now SSL 3.0 fallback is disabled for Google servers first,
-        // and will be expanded to other servers after enough experiences
-        // have been gained showing that this experiment works well with
-        // today's Internet.
-        if (version_max > SSL_PROTOCOL_VERSION_SSL3 ||
-            (server_ssl_config_.unrestricted_ssl3_fallback_enabled ||
-             !TransportSecurityState::IsGooglePinnedProperty(
-                 request_->url.host(), true /* include SNI */))) {
-          should_fallback = true;
-        }
+        should_fallback = true;
       }
       break;
     case ERR_SSL_BAD_RECORD_MAC_ALERT:
       if (version_max >= SSL_PROTOCOL_VERSION_TLS1_1 &&
           version_max > server_ssl_config_.version_min) {
         // Some broken SSL devices negotiate TLS 1.0 when sent a TLS 1.1 or
         // 1.2 ClientHello, but then return a bad_record_mac alert. See
         // crbug.com/260358. In order to make the fallback as minimal as
         // possible, this fallback is only triggered for >= TLS 1.1.
         version_max--;
         should_fallback = true;
       }
       break;
   }
 
+  // While fallback should be eliminated because of security reasons,
+  // there is a high risk of breaking the servers if this is done in
+  // general.
+  //
+  // For now fallback is disabled for Google servers first, and will be
+  // expanded to other servers after enough experiences have been gained
+  // showing that this experiment works well with today's Internet.
+  //
+  // The --enable-unrestricted-ssl3-fallback command-line flag exists to allow
+  // fallback to any version, all the way down to SSLv3.
+  if (!server_ssl_config_.unrestricted_ssl3_fallback_enabled &&
+      TransportSecurityState::IsGooglePinnedProperty(request_->url.host(),
+                                                     true /* include SNI */)) {
+    should_fallback = false;
+  }
+
   if (should_fallback) {
     net_log_.AddEvent(
         NetLog::TYPE_SSL_VERSION_FALLBACK,
         base::Bind(&NetLogSSLVersionFallbackCallback,
                    &request_->url, error, server_ssl_config_.version_max,
                    version_max));
     server_ssl_config_.version_max = version_max;
     server_ssl_config_.version_fallback = true;
     ResetConnectionAndRequestForResend();
     error = OK;
@@ skipping 196 matching lines @@
       description = base::StringPrintf("Unknown state 0x%08X (%u)", state,
                                        state);
       break;
   }
   return description;
 }
 
 #undef STATE_CASE
 
 }  // namespace net