Remove ECDSA CBC ciphers.

BUG=658341

Review-Url: https://chromiumcodereview.appspot.com/2442883002
Cr-Commit-Position: refs/heads/master@{#426947}

net/socket/ssl_client_socket_impl.cc

@@ -920,11 +920,6 @@ int SSLClientSocketImpl::Init() {
   SSL_set_mode(ssl_.get(), mode.set_mask);
   SSL_clear_mode(ssl_.get(), mode.clear_mask);
 
-  // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
-  // (note that SHA256 and SHA384 only select legacy CBC ciphers). Also disable
-  // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
-  // supported. As DHE is being deprecated, don't add a cipher only to remove it
-  // immediately.
   std::string command;
   if (SSLClientSocket::IsPostQuantumExperimentEnabled()) {
     // These are experimental, non-standard ciphersuites.  They are part of an
@@ -945,7 +940,18 @@ int SSLClientSocketImpl::Init() {
           "CECPQ1-ECDSA-AES256-GCM-SHA384:");
     }
   }
-  command.append("ALL:!SHA256:!SHA384:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
+
+  // Use BoringSSL defaults, but disable HMAC-SHA256 and HMAC-SHA384 ciphers
+  // (note that SHA256 and SHA384 only select legacy CBC ciphers). Additionally
+  // disable HMAC-SHA1 ciphers in ECDSA. Also disable
+  // DHE_RSA_WITH_AES_256_GCM_SHA384. Historically, AES_256_GCM was not
+  // supported. As DHE is being deprecated, don't add a cipher only to remove it
+  // immediately.
+  //
+  // TODO(davidben): Remove the DHE_RSA_WITH_AES_256_GCM_SHA384 exclusion when
+  // the DHEEnabled administrative policy expires.
+  command.append(
+      "ALL:!SHA256:!SHA384:!ECDSA+SHA1:!DHE-RSA-AES256-GCM-SHA384:!aPSK:!RC4");
 
   if (ssl_config_.require_ecdhe)
     command.append(":!kRSA:!kDHE");