Disable TLS 1.0/1.1 support in WebView by default

This (1) flips the kWebViewLegacyTlsSupport feature flag to be disabled by default (turning off support for TLS 1.0/1.1 in WebView), (2) removes the field trial config entry, and (3) updates a test for the flag-enabled case. Bug: 1294330 Change-Id: I977e200870c41612c95962e021c07dd52b74f132 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3763335 Reviewed-by: Richard Coles <torne@chromium.org> Commit-Queue: Chris Thompson <cthomp@chromium.org> Cr-Commit-Position: refs/heads/main@{#1024775}
marcosholgado · Jul 15, 2022 · baa5cec · baa5cec
1 parent 24e5493
commit baa5cec
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 17 deletions.
diff --git a/android_webview/browser/aw_browser_context_unittest.cc b/android_webview/browser/aw_browser_context_unittest.cc
@@ -84,8 +84,13 @@ TEST_F(AwBrowserContextTest, SHA1LocalAnchorsAllowed) {
       network_context_params.initial_ssl_config->sha1_local_anchors_enabled);
 }
 
-// Tests that TLS 1.0/1.1 is still allowed for WebView by default.
+// Tests that TLS 1.0/1.1 is still allowed for WebView if the escape hatch
+// feature is enabled.
 TEST_F(AwBrowserContextTest, LegacyTLSVersionsAllowed) {
+  base::test::ScopedFeatureList feature_list;
+  feature_list.InitAndEnableFeature(
+      android_webview::features::kWebViewLegacyTlsSupport);
+
   AwBrowserContext context;
   network::mojom::NetworkContextParams network_context_params;
   cert_verifier::mojom::CertVerifierCreationParams cert_verifier_params;

diff --git a/android_webview/common/aw_features.cc b/android_webview/common/aw_features.cc
@@ -57,7 +57,7 @@ const base::Feature kWebViewJavaJsBridgeMojo{"WebViewJavaJsBridgeMojo",
 
 // When enabled, connections using legacy TLS 1.0/1.1 versions are allowed.
 const base::Feature kWebViewLegacyTlsSupport{"WebViewLegacyTlsSupport",
-                                             base::FEATURE_ENABLED_BY_DEFAULT};
+                                             base::FEATURE_DISABLED_BY_DEFAULT};
 
 // Measure the number of pixels occupied by one or more WebViews as a
 // proportion of the total screen size. Depending on the number of

diff --git a/testing/variations/fieldtrial_testing_config.json b/testing/variations/fieldtrial_testing_config.json
@@ -10076,21 +10076,6 @@
             ]
         }
     ],
-    "WebViewLegacyTlsSupport": [
-        {
-            "platforms": [
-                "android_webview"
-            ],
-            "experiments": [
-                {
-                    "name": "Disabled",
-                    "disable_features": [
-                        "WebViewLegacyTlsSupport"
-                    ]
-                }
-            ]
-        }
-    ],
     "WebViewMeasureScreenCoverage": [
         {
             "platforms": [