Use TLS 1.1.
Enable SSL 3.0 ~ TLS 1.1 by default. If the SSLClientSocket class does
not support TLS 1.1, enable SSL 3.0 ~ TLS 1.0 by default.
TLS intolerant servers are handled by falling back to the next lower
protocol version at a time, rather than falling back to SSL 3.0 directly.
In the SSLConfig structure, replace the ssl3_enabled and tls1_enabled
members by version_min and version_max to allow multiple, contiguous
protocol versions to be enabled, and rename the ssl3_fallback member to
version_fallback.
The preferences prefs::kSSL3Enabled and prefs::kTLS1Enabled are not
yet removed. Generalize prefs::kTLS1Enabled to mean enabling or
disabling all TLS versions.
[email protected],[email protected]
BUG=126340
TEST=net_unittests --gtest_filter=HTTPSRequestTest.TLSv1Fallback
Review URL: https://chromiumcodereview.appspot.com/10377022
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@139204 0039d316-1c4b-4281-b951-d872f2087c98
22 files changed
