Do not use HTTP/2 without adequate security.

net/socket/ssl_client_socket.h

Index: net/socket/ssl_client_socket.h
diff --git a/net/socket/ssl_client_socket.h b/net/socket/ssl_client_socket.h
index d72dee50166d231c300e6ebc2b9227e67e19bb81..0f8da5b136fca5d98a60c5f1f503685e46611da2 100644
--- a/net/socket/ssl_client_socket.h
+++ b/net/socket/ssl_client_socket.h
@@ -209,10 +209,19 @@ class NET_EXPORT SSLClientSocket : public SSLSocket {
       const SSLConfig& ssl_config,
       ChannelIDService* channel_id_service);
 
+  // Determine if there is at least one enabled cipher suite and TLS version
+  // that is satisfies Section 9.2 of the HTTP/2 specification.  Note that the
+  // server might still pick an inadequate cipher suite or TLS version.
+  static bool IsSecurityAdequateForHTTP2(
+      const SSLConfig& ssl_config,
+      const std::vector<uint16>& cipher_suites);
+
   // Serializes |next_protos| in the wire format for ALPN: protocols are listed
-  // in order, each prefixed by a one-byte length.
+  // in order, each prefixed by a one-byte length.  Any HTTP/2 protocols in
+  // |next_protos| are ignored if |can_advertise_http2| is false.
   static std::vector<uint8_t> SerializeNextProtos(
-      const NextProtoVector& next_protos);
+      const NextProtoVector& next_protos,
+      bool can_advertise_http2);
 
   // For unit testing only.
   // Returns the unverified certificate chain as presented by server.