Remove the deprecated cipher fallback.

net/http/http_network_transaction.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/http/http_network_transaction.h"
 
 #include <memory>
 #include <set>
 #include <utility>
 #include <vector>
@@ skipping 52 matching lines @@
 #include "net/spdy/chromium/spdy_session_pool.h"
 #include "net/ssl/ssl_cert_request_info.h"
 #include "net/ssl/ssl_connection_status_flags.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/token_binding.h"
 #include "url/gurl.h"
 #include "url/url_canon.h"
 
 namespace net {
 
-namespace {
-
-std::unique_ptr<base::Value> NetLogSSLCipherFallbackCallback(
-    const GURL* url,
-    int net_error,
-    NetLogCaptureMode /* capture_mode */) {
-  std::unique_ptr<base::DictionaryValue> dict(new base::DictionaryValue());
-  dict->SetString("host_and_port", GetHostAndPort(*url));
-  dict->SetInteger("net_error", net_error);
-  return std::move(dict);
-}
-
-}  // namespace
-
-//-----------------------------------------------------------------------------
-
 HttpNetworkTransaction::HttpNetworkTransaction(RequestPriority priority,
                                                HttpNetworkSession* session)
     : pending_auth_target_(HttpAuth::AUTH_NONE),
       io_callback_(base::Bind(&HttpNetworkTransaction::OnIOComplete,
                               base::Unretained(this))),
       session_(session),
       request_(NULL),
       priority_(priority),
       headers_valid_(false),
       request_headers_(),
@@ skipping 775 matching lines @@
 }
 
 int HttpNetworkTransaction::DoCreateStreamComplete(int result) {
   // If |result| is ERR_HTTPS_PROXY_TUNNEL_RESPONSE, then
   // DoCreateStreamComplete is being called from OnHttpsProxyTunnelResponse,
   // which resets the stream request first. Therefore, we have to grab the
   // connection attempts in *that* function instead of here in that case.
   if (result != ERR_HTTPS_PROXY_TUNNEL_RESPONSE)
     CopyConnectionAttemptsFromStreamRequest();
 
-  if (request_->url.SchemeIsCryptographic())
-    RecordSSLFallbackMetrics(result);
-
   if (result == OK) {
     next_state_ = STATE_INIT_STREAM;
     DCHECK(stream_.get());
   } else if (result == ERR_SSL_CLIENT_AUTH_CERT_NEEDED) {
     result = HandleCertificateRequest(result);
   } else if (result == ERR_HTTPS_PROXY_TUNNEL_RESPONSE) {
     // Return OK and let the caller read the proxy's error page
     next_state_ = STATE_NONE;
     return OK;
   } else if (result == ERR_HTTP_1_1_REQUIRED ||
@@ skipping 608 matching lines @@
   }
 }
 
 // TODO(rch): This does not correctly handle errors when an SSL proxy is
 // being used, as all of the errors are handled as if they were generated
 // by the endpoint host, request_->url, rather than considering if they were
 // generated by the SSL proxy. http://crbug.com/69329
 int HttpNetworkTransaction::HandleSSLHandshakeError(int error) {
   DCHECK(request_);
   HandleClientAuthError(error);
-
-  // Accept deprecated cipher suites, but only on a fallback. This makes UMA
-  // reflect servers require a deprecated cipher rather than merely prefer
-  // it. This, however, has no security benefit until the ciphers are actually
-  // removed.
-  if (!server_ssl_config_.deprecated_cipher_suites_enabled &&
-      (error == ERR_SSL_VERSION_OR_CIPHER_MISMATCH ||
-       error == ERR_CONNECTION_CLOSED || error == ERR_CONNECTION_RESET)) {
-    net_log_.AddEvent(
-        NetLogEventType::SSL_CIPHER_FALLBACK,
-        base::Bind(&NetLogSSLCipherFallbackCallback, &request_->url, error));
-    server_ssl_config_.deprecated_cipher_suites_enabled = true;
-    ResetConnectionAndRequestForResend();
-    return OK;
-  }
-
   return error;
 }
 
 // This method determines whether it is safe to resend the request after an
 // IO error.  It can only be called in response to request header or body
 // write errors or response header read errors.  It should not be used in
 // other cases, such as a Connect error.
 int HttpNetworkTransaction::HandleIOError(int error) {
   // Because the peer may request renegotiation with client authentication at
   // any time, check and handle client authentication errors.
@@ skipping 93 matching lines @@
   provided_token_binding_key_.reset();
   referred_token_binding_key_.reset();
 }
 
 void HttpNetworkTransaction::CacheNetErrorDetailsAndResetStream() {
   if (stream_)
     stream_->PopulateNetErrorDetails(&net_error_details_);
   stream_.reset();
 }
 
-void HttpNetworkTransaction::RecordSSLFallbackMetrics(int result) {
-  if (result != OK)
-    return;
-
-  UMA_HISTOGRAM_BOOLEAN("Net.ConnectionUsedSSLDeprecatedCipherFallback2",
-                        server_ssl_config_.deprecated_cipher_suites_enabled);
-}
-
 HttpResponseHeaders* HttpNetworkTransaction::GetResponseHeaders() const {
   return response_.headers.get();
 }
 
 bool HttpNetworkTransaction::ShouldResendRequest() const {
   bool connection_is_proven = stream_->IsConnectionReused();
   bool has_received_headers = GetResponseHeaders() != NULL;
 
   // NOTE: we resend a request only if we reused a keep-alive connection.
   // This automatically prevents an infinite resend loop because we'll run
@@ skipping 153 matching lines @@
   if (headers->IsRedirect(nullptr)) {
     UMA_HISTOGRAM_BOOLEAN("Net.RedirectWithUnadvertisedContentEncoding",
                           !result);
     return true;
   }
 
   return result;
 }
 
 }  // namespace net