Do not use HTTP/2 without adequate security.

net/socket/ssl_client_socket.h

Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index 11b19a1ec02480d2423187e37a9cb8912367ffa4..d61d083d9d0f004f7317dfa5161f08bc223353d9 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -209,10 +209,19 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
       const SSLConfig& ssl_config,
       ChannelIDService* channel_id_service);
 
+  // Determine if there is at least one enabled cipher suite and TLS version
+  // that is up to Section 9.2 of the HTTP/2 specification.  Note that the
+  // server might still pick an inadequate cipher suite or TLS version.
+  static bool IsSecurityAdequateForHTTP2(
+      const SSLConfig& ssl_config,
+      const std::vector<uint16>& cipher_suites);
+
   // Serializes |next_protos| in the wire format for ALPN: protocols are listed
-  // in order, each prefixed by a one-byte length.
+  // in order, each prefixed by a one-byte length.  Only advertises HTTP2 if
+  // adequate cipher suites and TLS are also advertised.
   static std::vector<uint8_t> SerializeNextProtos(
-      const std::vector<std::string>& next_protos);
+      const std::vector<std::string>& next_protos,
+      bool advertise_http2);
 
   // For unit testing only.
   // Returns the unverified certificate chain as presented by server.