net: also do TLS 1.1 -> 1.0 fallback on ERR_CONNECTION_ABORTED.

We currently perform TLS 1.1 -> 1.0 fallback for ERR_CONNECTION_RESET to workaround some buggy servers. This change causes ERR_CONNECTION_ABORTED to be treated like ERR_CONNECTION_RESET because, with non-blocking I/O, it appears that we get this error rather than ERR_CONNECTION_RESET. See r165170 and the bug. See https://code.google.com/p/chromium/issues/detail?id=178672#c17 BUG=178672,179037 Review URL: https://codereview.chromium.org/12390059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@186218 0039d316-1c4b-4281-b951-d872f2087c98

net: also do TLS 1.1 -> 1.0 fallback on ERR_CONNECTION_ABORTED.
We currently perform TLS 1.1 -> 1.0 fallback for ERR_CONNECTION_RESET to workaround some buggy servers. This change causes ERR_CONNECTION_ABORTED to be treated like ERR_CONNECTION_RESET because, with non-blocking I/O, it appears that we get this error rather than ERR_CONNECTION_RESET. See r165170 and the bug. See https://code.google.com/p/chromium/issues/detail?id=178672#c17 BUG=178672,179037 Review URL: https://codereview.chromium.org/12390059 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@186218 0039d316-1c4b-4281-b951-d872f2087c98
a84b2348 · agl@chromium.org · 565f32fc · a84b2348
Commit a84b2348 authored Mar 05, 2013 by agl@chromium.org
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 7 deletions

net/socket/ssl_client_socket_nss.cc net/socket/ssl_client_socket_nss.cc +11 -7

No files found.
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -1904,15 +1904,19 @@ int SSLClientSocketNSS::Core::DoHandshake() {
    // inject TCP reset packets to break the connections when they see
    // TLS 1.1 in ClientHello or ServerHello. See http://crbug.com/130293.
    //
-    // Only allow ERR_CONNECTION_RESET to trigger a TLS 1.1 -> TLS 1.0
-    // fallback. We don't lose much in this fallback because the explicit
-    // IV for CBC mode in TLS 1.1 is approximated by record splitting in
-    // TLS 1.0.
+    // Only allow ERR_CONNECTION_RESET/ABORTED to trigger a TLS 1.1 -> TLS 1.0
+    // fallback. We don't lose much in this fallback because the explicit IV
+    // for CBC mode in TLS 1.1 is approximated by record splitting in TLS 1.0.
    //
-    // ERR_CONNECTION_RESET is a common network error, so we don't want it
-    // to trigger a version fallback in general, especially the TLS 1.0 ->
+    // ERR_CONNECTION_RESET/ABORTED are common network errors, so we don't want
+    // them to trigger a version fallback in general, especially the TLS 1.0 ->
    // SSL 3.0 fallback, which would drop TLS extensions.
-    if (prerr == PR_CONNECT_RESET_ERROR &&
+    //
+    // ERR_CONNECTION_ABORTED was added because we get this error message when
+    // using non-blocking reads instead of async/overlapped reads. See
+    // crbug.com/178672.
+    if ((prerr == PR_CONNECT_RESET_ERROR ||
+         prerr == PR_CONNECT_ABORTED_ERROR) &&
        ssl_config_.version_max == SSL_PROTOCOL_VERSION_TLS1_1) {
      net_error = ERR_SSL_PROTOCOL_ERROR;
    }