| // Copyright 2015 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #ifndef NET_SSL_SSL_FAILURE_STATE_H_ |
| #define NET_SSL_SSL_FAILURE_STATE_H_ |
| |
| namespace net { |
| |
| // Describes the most likely cause for the TLS handshake failure. This is an |
| // approximation used to classify the causes of TLS version fallback. These |
| // values are used in histograms, so new values must be appended. |
| enum SSLFailureState { |
| // The connection was successful. |
| SSL_FAILURE_NONE = 0, |
| |
| // The connection failed for unknown reasons. |
| SSL_FAILURE_UNKNOWN = 1, |
| |
| // The connection failed after sending ClientHello and before receiving |
| // ServerHello. |
| SSL_FAILURE_CLIENT_HELLO = 2, |
| |
| // The connection failed after negotiating TLS_RSA_WITH_AES_128_GCM_SHA256 or |
| // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and completing the client's second |
| // leg. Some Microsoft IIS servers fail at this point. See |
| // https://crbug.com/433406. |
| SSL_FAILURE_BUGGY_GCM = 3, |
| |
| // The connection failed after CertificateVerify was sent. Some servers are |
| // known to incorrectly implement TLS 1.2 client auth. |
| SSL_FAILURE_CLIENT_AUTH = 4, |
| |
| // The connection failed because the server attempted to resume a session at |
| // the wrong version. Some versions of OpenSSL may do this in rare |
| // circumstances. See https://crbug.com/441456 |
| SSL_FAILURE_SESSION_MISMATCH = 5, |
| |
| // The connection failed after sending the NextProto message. Some F5 servers |
| // fail to parse such messages in TLS 1.1 and TLS 1.2, but not 1.0. See |
| // https://crbug.com/466977. |
| SSL_FAILURE_NEXT_PROTO = 6, |
| |
| SSL_FAILURE_MAX, |
| }; |
| |
| } // namespace net |
| |
| #endif // NET_SSL_SSL_FAILURE_STATE_H_ |