net: show UI warnings for SSLv3.

chrome/browser/ui/website_settings/website_settings.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/ui/website_settings/website_settings.h"
 
 #include <string>
 #include <vector>
 
 #include "base/bind.h"
@@ skipping 533 matching lines @@
               IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_ERROR :
               IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTED_INSECURE_CONTENT_WARNING)));
     }
   }
 
   uint16 cipher_suite =
       net::SSLConnectionStatusToCipherSuite(ssl.connection_status);
   if (ssl.security_bits > 0 && cipher_suite) {
     int ssl_version =
         net::SSLConnectionStatusToVersion(ssl.connection_status);
+    const bool is_sslv3 = ssl_version == net::SSL_CONNECTION_VERSION_SSL3;
     const char* ssl_version_str;
     net::SSLVersionToString(&ssl_version_str, ssl_version);
     site_connection_details_ += ASCIIToUTF16("\n\n");
     site_connection_details_ += l10n_util::GetStringFUTF16(
         IDS_PAGE_INFO_SECURITY_TAB_SSL_VERSION,
         ASCIIToUTF16(ssl_version_str));
 
-    bool did_fallback = (ssl.connection_status &
-                         net::SSL_CONNECTION_VERSION_FALLBACK) != 0;
     bool no_renegotiation =
         (ssl.connection_status &
         net::SSL_CONNECTION_NO_RENEGOTIATION_EXTENSION) != 0;
     const char *key_exchange, *cipher, *mac;
     bool is_aead;
     net::SSLCipherSuiteToStrings(
         &key_exchange, &cipher, &mac, &is_aead, cipher_suite);
 
     site_connection_details_ += ASCIIToUTF16("\n\n");
     if (is_aead) {
       site_connection_details_ += l10n_util::GetStringFUTF16(
           IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS_AEAD,
           ASCIIToUTF16(cipher), ASCIIToUTF16(key_exchange));
     } else {
       site_connection_details_ += l10n_util::GetStringFUTF16(
           IDS_PAGE_INFO_SECURITY_TAB_ENCRYPTION_DETAILS,
           ASCIIToUTF16(cipher), ASCIIToUTF16(mac), ASCIIToUTF16(key_exchange));
     }
 
-    if (did_fallback) {
-      // For now, only SSLv3 fallback will trigger a warning icon.
-      if (site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT)
-        site_connection_status_ = SITE_CONNECTION_STATUS_MIXED_CONTENT;
-      site_connection_details_ += ASCIIToUTF16("\n\n");
-      site_connection_details_ += l10n_util::GetStringUTF16(
-          IDS_PAGE_INFO_SECURITY_TAB_FALLBACK_MESSAGE);
+    if (is_sslv3 &&
+        site_connection_status_ < SITE_CONNECTION_STATUS_MIXED_CONTENT) {
+      site_connection_status_ = SITE_CONNECTION_STATUS_ENCRYPTED_ERROR;
+      // No message because, if we are planning on removing SSLv3 in M40 then
+      // there's no time to get a translation.

[Ryan Sleevi, 2014/10/17 22:27:45]

Comment nit: There's a weird comma splice here, but also the pronouns.

I would delete the comment, since this will only be read on the branch (which no
one does) once we drop ssl3

[agl, 2014/10/17 23:25:36]

Done.

     }
+
     if (no_renegotiation) {
       site_connection_details_ += ASCIIToUTF16("\n\n");
       site_connection_details_ += l10n_util::GetStringUTF16(
           IDS_PAGE_INFO_SECURITY_TAB_RENEGOTIATION_MESSAGE);
     }
   }
 
   // Check if a user decision has been made to allow or deny certificates with
   // errors on this site.
   ChromeSSLHostStateDelegate* delegate =
@@ skipping 162 matching lines @@
   if (visited_before_today) {
     first_visit_text = l10n_util::GetStringFUTF16(
         IDS_PAGE_INFO_SECURITY_TAB_VISITED_BEFORE_TODAY,
         base::TimeFormatShortDate(first_visit));
   } else {
     first_visit_text = l10n_util::GetStringUTF16(
         IDS_PAGE_INFO_SECURITY_TAB_FIRST_VISITED_TODAY);
   }
   ui_->SetFirstVisit(first_visit_text);
 }