Remove --enable-unrestricted-ssl3-fallback.

It looks like this isn't actually wired to anything. BUG=354947 TEST=none R=jhawkins@chromium.org, rsleevi@chromium.org Review URL: https://codereview.chromium.org/200693006 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@258714 0039d316-1c4b-4281-b951-d872f2087c98
dednal · Mar 22, 2014 · 05d0ad0 · 05d0ad0
1 parent d15af08
commit 05d0ad0
Show file tree

Hide file tree

Showing 10 changed files with 3 additions and 60 deletions.
diff --git a/chrome/browser/net/ssl_config_service_manager_pref.cc b/chrome/browser/net/ssl_config_service_manager_pref.cc
@@ -176,7 +176,6 @@ class SSLConfigServiceManagerPref
   StringPrefMember ssl_version_max_;
   BooleanPrefMember channel_id_enabled_;
   BooleanPrefMember ssl_record_splitting_disabled_;
-  BooleanPrefMember unrestricted_ssl3_fallback_enabled_;
 
   // The cached list of disabled SSL cipher suites.
   std::vector<uint16> disabled_cipher_suites_;
@@ -210,10 +209,6 @@ SSLConfigServiceManagerPref::SSLConfigServiceManagerPref(
       prefs::kEnableOriginBoundCerts, local_state, local_state_callback);
   ssl_record_splitting_disabled_.Init(
       prefs::kDisableSSLRecordSplitting, local_state, local_state_callback);
-  unrestricted_ssl3_fallback_enabled_.Init(
-      prefs::kEnableUnrestrictedSSL3Fallback,
-      local_state,
-      local_state_callback);
 
   local_state_change_registrar_.Init(local_state);
   local_state_change_registrar_.Add(
@@ -244,8 +239,6 @@ void SSLConfigServiceManagerPref::RegisterPrefs(PrefRegistrySimple* registry) {
                                 default_config.channel_id_enabled);
   registry->RegisterBooleanPref(prefs::kDisableSSLRecordSplitting,
                                 !default_config.false_start_enabled);
-  registry->RegisterBooleanPref(prefs::kEnableUnrestrictedSSL3Fallback,
-      default_config.unrestricted_ssl3_fallback_enabled);
   registry->RegisterListPref(prefs::kCipherSuiteBlacklist);
 }
 
@@ -304,8 +297,6 @@ void SSLConfigServiceManagerPref::GetSSLConfigFromPrefs(
   config->channel_id_enabled = channel_id_enabled_.GetValue();
   // disabling False Start also happens to disable record splitting.
   config->false_start_enabled = !ssl_record_splitting_disabled_.GetValue();
-  config->unrestricted_ssl3_fallback_enabled =
-      unrestricted_ssl3_fallback_enabled_.GetValue();
 }
 
 void SSLConfigServiceManagerPref::OnDisabledCipherSuitesChange(

diff --git a/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc b/chrome/browser/net/ssl_config_service_manager_pref_unittest.cc
@@ -146,11 +146,8 @@ TEST_F(SSLConfigServiceManagerPrefTest, BadDisabledCipherSuites) {
   EXPECT_EQ(0x0005, config.disabled_cipher_suites[1]);
 }
 
-// Test that
-// * without command-line settings for minimum and maximum SSL versions,
-//   SSL 3.0 ~ default_version_max() are enabled;
-// * without --enable-unrestricted-ssl3-fallback,
-//   |unrestricted_ssl3_fallback_enabled| is false.
+// Test that without command-line settings for minimum and maximum SSL versions,
+// SSL 3.0 ~ default_version_max() are enabled.
 TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
   scoped_refptr<TestingPrefStore> local_state_store(new TestingPrefStore());
 
@@ -174,13 +171,10 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_min);
   EXPECT_EQ(net::SSLConfigService::default_version_max(),
             ssl_config.version_max);
-  EXPECT_FALSE(ssl_config.unrestricted_ssl3_fallback_enabled);
 
   // The settings should not be added to the local_state.
   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMin));
   EXPECT_FALSE(local_state->HasPrefPath(prefs::kSSLVersionMax));
-  EXPECT_FALSE(local_state->HasPrefPath(
-      prefs::kEnableUnrestrictedSSL3Fallback));
 
   // Explicitly double-check the settings are not in the preference store.
   std::string version_min_str;
@@ -189,10 +183,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, NoCommandLinePrefs) {
                                             &version_min_str));
   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
                                             &version_max_str));
-  bool unrestricted_ssl3_fallback_enabled;
-  EXPECT_FALSE(local_state_store->GetBoolean(
-      prefs::kEnableUnrestrictedSSL3Fallback,
-      &unrestricted_ssl3_fallback_enabled));
 }
 
 // Test that command-line settings for minimum and maximum SSL versions are
@@ -203,7 +193,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
   CommandLine command_line(CommandLine::NO_PROGRAM);
   command_line.AppendSwitchASCII(switches::kSSLVersionMin, "tls1");
   command_line.AppendSwitchASCII(switches::kSSLVersionMax, "ssl3");
-  command_line.AppendSwitch(switches::kEnableUnrestrictedSSL3Fallback);
 
   PrefServiceMockFactory factory;
   factory.set_user_prefs(local_state_store);
@@ -224,7 +213,6 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
   // Command-line flags should be respected.
   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_TLS1, ssl_config.version_min);
   EXPECT_EQ(net::SSL_PROTOCOL_VERSION_SSL3, ssl_config.version_max);
-  EXPECT_TRUE(ssl_config.unrestricted_ssl3_fallback_enabled);
 
   // Explicitly double-check the settings are not in the preference store.
   const PrefService::Preference* version_min_pref =
@@ -235,18 +223,10 @@ TEST_F(SSLConfigServiceManagerPrefTest, CommandLinePrefs) {
       local_state->FindPreference(prefs::kSSLVersionMax);
   EXPECT_FALSE(version_max_pref->IsUserModifiable());
 
-  const PrefService::Preference* ssl3_fallback_pref =
-      local_state->FindPreference(prefs::kEnableUnrestrictedSSL3Fallback);
-  EXPECT_FALSE(ssl3_fallback_pref->IsUserModifiable());
-
   std::string version_min_str;
   std::string version_max_str;
   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMin,
                                             &version_min_str));
   EXPECT_FALSE(local_state_store->GetString(prefs::kSSLVersionMax,
                                             &version_max_str));
-  bool unrestricted_ssl3_fallback_enabled;
-  EXPECT_FALSE(local_state_store->GetBoolean(
-      prefs::kEnableUnrestrictedSSL3Fallback,
-      &unrestricted_ssl3_fallback_enabled));
 }
diff --git a/chrome/browser/prefs/command_line_pref_store.cc b/chrome/browser/prefs/command_line_pref_store.cc
@@ -57,8 +57,6 @@ const CommandLinePrefStore::BooleanSwitchToPreferenceMapEntry
       { switches::kDisableTLSChannelID, prefs::kEnableOriginBoundCerts, false },
       { switches::kDisableSSLFalseStart, prefs::kDisableSSLRecordSplitting,
           true },
-      { switches::kEnableUnrestrictedSSL3Fallback,
-          prefs::kEnableUnrestrictedSSL3Fallback, true },
 #if defined(GOOGLE_CHROME_BUILD)
       { switches::kDisablePrintPreview, prefs::kPrintPreviewDisabled, true },
 #else

diff --git a/chrome/common/chrome_switches.cc b/chrome/common/chrome_switches.cc
@@ -707,13 +707,6 @@ const char kEnableThumbnailRetargeting[]   = "enable-thumbnail-retargeting";
 // Enables Translate experimental new UX which replaces the infobar.
 const char kEnableTranslateNewUX[]         = "enable-translate-new-ux";
 
-// Enables unrestricted SSL 3.0 fallback.
-// With this switch, SSL 3.0 fallback will be enabled for all sites.
-// Without this switch, SSL 3.0 fallback will be disabled for a site
-// pinned to the Google pin list (indicating that it is a Google site).
-const char kEnableUnrestrictedSSL3Fallback[] =
-    "enable-unrestricted-ssl3-fallback";
-
 // Enables Alternate-Protocol when the port is user controlled (> 1024).
 const char kEnableUserAlternateProtocolPorts[] =
     "enable-user-controlled-alternate-protocol-ports";

diff --git a/chrome/common/chrome_switches.h b/chrome/common/chrome_switches.h
@@ -203,7 +203,6 @@ extern const char kEnableSyncArticles[];
 extern const char kEnableSyncSyncedNotifications[];
 extern const char kEnableThumbnailRetargeting[];
 extern const char kEnableTranslateNewUX[];
-extern const char kEnableUnrestrictedSSL3Fallback[];
 extern const char kEnableUserAlternateProtocolPorts[];
 extern const char kEnableWatchdog[];
 extern const char kEnableWebSocketOverSpdy[];

diff --git a/chrome/common/pref_names.cc b/chrome/common/pref_names.cc
@@ -1357,8 +1357,6 @@ const char kSSLVersionMax[] = "ssl.version_max";
 const char kCipherSuiteBlacklist[] = "ssl.cipher_suites.blacklist";
 const char kEnableOriginBoundCerts[] = "ssl.origin_bound_certs.enabled";
 const char kDisableSSLRecordSplitting[] = "ssl.ssl_record_splitting.disabled";
-const char kEnableUnrestrictedSSL3Fallback[] =
-    "ssl.unrestricted_ssl3_fallback.enabled";
 
 // A boolean pref of the EULA accepted flag.
 const char kEulaAccepted[] = "EulaAccepted";

diff --git a/chrome/common/pref_names.h b/chrome/common/pref_names.h
@@ -423,7 +423,6 @@ extern const char kSSLVersionMax[];
 extern const char kCipherSuiteBlacklist[];
 extern const char kEnableOriginBoundCerts[];
 extern const char kDisableSSLRecordSplitting[];
-extern const char kEnableUnrestrictedSSL3Fallback[];
 
 extern const char kGLVendorString[];
 extern const char kGLRendererString[];

diff --git a/net/ssl/ssl_config_service.cc b/net/ssl/ssl_config_service.cc
@@ -44,7 +44,6 @@ SSLConfig::SSLConfig()
       false_start_enabled(true),
       signed_cert_timestamps_enabled(true),
       require_forward_secrecy(false),
-      unrestricted_ssl3_fallback_enabled(false),
       send_client_cert(false),
       verify_ev_cert(false),
       version_fallback(false),
@@ -149,9 +148,7 @@ void SSLConfigService::ProcessConfigUpdate(const SSLConfig& orig_config,
       (orig_config.channel_id_enabled != new_config.channel_id_enabled) ||
       (orig_config.false_start_enabled != new_config.false_start_enabled) ||
       (orig_config.require_forward_secrecy !=
-       new_config.require_forward_secrecy) ||
-      (orig_config.unrestricted_ssl3_fallback_enabled !=
-       new_config.unrestricted_ssl3_fallback_enabled);
+       new_config.require_forward_secrecy);
 
   if (config_changed)
     NotifySSLConfigChange();

diff --git a/net/ssl/ssl_config_service.h b/net/ssl/ssl_config_service.h
@@ -107,13 +107,6 @@ struct NET_EXPORT SSLConfig {
   // that could be extended if needed.
   bool require_forward_secrecy;
 
-  // If |unrestricted_ssl3_fallback_enabled| is true, SSL 3.0 fallback will be
-  // enabled for all sites.
-  // If |unrestricted_ssl3_fallback_enabled| is false, SSL 3.0 fallback will be
-  // disabled for a site pinned to the Google pin list (indicating that it is a
-  // Google site).
-  bool unrestricted_ssl3_fallback_enabled;
-
   // TODO(wtc): move the following members to a new SSLParams structure.  They
   // are not SSL configuration settings.
 

diff --git a/net/ssl/ssl_config_service_unittest.cc b/net/ssl/ssl_config_service_unittest.cc
@@ -69,7 +69,6 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) {
   SSLConfig initial_config;
   initial_config.rev_checking_enabled = true;
   initial_config.false_start_enabled = false;
-  initial_config.unrestricted_ssl3_fallback_enabled = false;
   initial_config.version_min = SSL_PROTOCOL_VERSION_SSL3;
   initial_config.version_max = SSL_PROTOCOL_VERSION_TLS1_1;
 
@@ -87,10 +86,6 @@ TEST(SSLConfigServiceTest, ConfigUpdatesNotifyObservers) {
   EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
   mock_service->SetSSLConfig(initial_config);
 
-  initial_config.unrestricted_ssl3_fallback_enabled = true;
-  EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);
-  mock_service->SetSSLConfig(initial_config);
-
   // Test that changing the SSL version range triggers updates.
   initial_config.version_min = SSL_PROTOCOL_VERSION_TLS1;
   EXPECT_CALL(observer, OnSSLConfigChanged()).Times(1);