IsSecureTLSCipherSuite should not classify DHE_RSA as secure.
This makes the requirements for 'modern' ECDHE + AEAD, rather than PFS + AEAD.
Given that we'd been hoping to ditch DHE for a while, we should at least get it
out of the modern bucket.
The HTTP/2 requirements stay the same since those are snapshotted into the spec
already. Though early data says that no one uses HTTP/2 with DHE_RSA, which is
good for removal prospects.
Review URL: https://codereview.chromium.org/1405383003
6 files changed