Do not use HTTP/2 without adequate security.

net/socket/ssl_client_socket.h

Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index ff0e3034ec8c6a6ae46c3dd1a0ff724d7045b01e..68f64fad717cdb05ffb4c11ffc7256b35a08bd50 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -209,10 +209,19 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
       const SSLConfig& ssl_config,
       ChannelIDService* channel_id_service);
 
+  // Determine if there is at least one enabled cipher suite and TLS version
+  // that is satisfies Section 9.2 of the HTTP/2 specification.  Note that the
+  // server might still pick an inadequate cipher suite or TLS version.
+  static bool IsSecurityAdequateForHTTP2(
+      const SSLConfig& ssl_config,
+      const std::vector<uint16>& cipher_suites);
+
   // Serializes |next_protos| in the wire format for ALPN: protocols are listed
-  // in order, each prefixed by a one-byte length.
+  // in order, each prefixed by a one-byte length.  Any HTTP/2 protocols in
+  // |next_protos| are ignored if |can_advertise_http2| is false.
   static std::vector<uint8_t> SerializeNextProtos(
-      const NextProtoVector& next_protos);
+      const NextProtoVector& next_protos,
+      bool can_advertise_http2);
 
   // For unit testing only.
   // Returns the unverified certificate chain as presented by server.