Revert 151198 - Turn off TLS 1.1.

Review URL: https://chromiumcodereview.appspot.com/10828272 Bug 141629 has been fixed. We can turn on TLS 1.1 on the trunk. TBR=agl@chromium.org,rsleevi@chromium.org BUG=142172 TEST=Visit https://www.google.com/ and https://www.facebook.com/. Click the lock icon. The page info bubble should say "The connection uses TLS 1.1." Review URL: https://chromiumcodereview.appspot.com/10854212 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152404 0039d316-1c4b-4281-b951-d872f2087c98

Revert 151198 - Turn off TLS 1.1.
Review URL: https://chromiumcodereview.appspot.com/10828272 Bug 141629 has been fixed. We can turn on TLS 1.1 on the trunk. TBR=agl@chromium.org,rsleevi@chromium.org BUG=142172 TEST=Visit https://www.google.com/ and https://www.facebook.com/. Click the lock icon. The page info bubble should say "The connection uses TLS 1.1." Review URL: https://chromiumcodereview.appspot.com/10854212 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@152404 0039d316-1c4b-4281-b951-d872f2087c98
21a1a185 · wtc@chromium.org · 9f843612 · 21a1a185 · 21a1a185 · 21a1a185
Commit 21a1a185 authored Aug 20, 2012 by wtc@chromium.org
4 changed files
--- a/net/base/ssl_config_service.cc
+++ b/net/base/ssl_config_service.cc
@@ -18,7 +18,16 @@ namespace net {
 static uint16 g_default_version_min = SSL_PROTOCOL_VERSION_SSL3;
-static uint16 g_default_version_max = SSL_PROTOCOL_VERSION_TLS1;
+static uint16 g_default_version_max =
+#if defined(USE_OPENSSL)
+#if defined(SSL_OP_NO_TLSv1_1)
+    SSL_PROTOCOL_VERSION_TLS1_1;
+#else
+    SSL_PROTOCOL_VERSION_TLS1;
+#endif
+#else
+    SSL_PROTOCOL_VERSION_TLS1_1;
+#endif
 SSLConfig::CertAndStatus::CertAndStatus() : cert_status(0) {}

--- a/net/socket/ssl_server_socket_nss.cc
+++ b/net/socket/ssl_server_socket_nss.cc
@@ -103,7 +103,7 @@ SSLServerSocketNSS::SSLServerSocketNSS(
      completed_handshake_(false) {
  ssl_config_.false_start_enabled = false;
  ssl_config_.version_min = SSL_PROTOCOL_VERSION_SSL3;
-  ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1;
+  ssl_config_.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
  // TODO(hclam): Need a better way to clone a key.
  std::vector<uint8> key_bytes;

--- a/net/socket/ssl_server_socket_unittest.cc
+++ b/net/socket/ssl_server_socket_unittest.cc
@@ -335,7 +335,7 @@ class SSLServerSocketTest : public PlatformTest {
    ssl_config.false_start_enabled = false;
    ssl_config.channel_id_enabled = false;
    ssl_config.version_min = SSL_PROTOCOL_VERSION_SSL3;
-    ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1;
+    ssl_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
    // Certificate provided by the host doesn't need authority.
    net::SSLConfig::CertAndStatus cert_and_status;

--- a/net/url_request/url_request_unittest.cc
+++ b/net/url_request/url_request_unittest.cc
@@ -1825,6 +1825,10 @@ TEST_F(HTTPSRequestTest, SSLv3Fallback) {
 // than necessary.
 TEST_F(HTTPSRequestTest, TLSv1Fallback) {
  uint16 default_version_max = SSLConfigService::default_version_max();
+  // The OpenSSL library in use may not support TLS 1.1.
+#if !defined(USE_OPENSSL)
+  EXPECT_GT(default_version_max, SSL_PROTOCOL_VERSION_TLS1);
+#endif
  if (default_version_max <= SSL_PROTOCOL_VERSION_TLS1)
    return;