Add a dedicated error code for TLS 1.3 interference.

net/base/net_error_list.h

Index: net/base/net_error_list.h
diff --git a/net/base/net_error_list.h b/net/base/net_error_list.h
index 4499ef2f324b249328103b06be186566b7ee1eed..4365f11e4b24c8690beec30e17a3cc6b8897061c 100644
--- a/net/base/net_error_list.h
+++ b/net/base/net_error_list.h
@@ -390,6 +390,20 @@ NET_ERROR(WS_UPGRADE, -173)
 // visible, because the normal Read() method is used as a fallback.
 NET_ERROR(READ_IF_READY_NOT_IMPLEMENTED, -174)
 
+// This error is emitted if TLS 1.3 is enabled, connecting with it failed, but
+// retrying at a downgraded maximum version succeeded. This could mean:
+//

[svaldez, 2017/04/10 20:40:02]

Maybe reorder this in expected order:

1) Middlebox
2) Endpoint
3) Network Error

[davidben, 2017/04/10 21:07:36]

Expected order isn't really meaningful. It also is very important that consumers
realize this is a flaky check, so I want it to be first. Switched the bottom two
though.

+// 1. This is a transient network error that will be resolved when the user
+//    reloads.
+//
+// 2. The server is buggy and does not implement TLS version negotiation
+//    correctly. TLS 1.3 was tweaked to avoid a common server bug here, so this
+//    is unlikely.
+//
+// 3. The user is behind a buggy network middlebox, firewall, or proxy which is
+//    interfering with TLS 1.3.
+NET_ERROR(SSL_VERSION_INTERFERENCE, -175)
+
 // Certificate error codes
 //
 // The values of certificate error codes must be consecutive.