net: don't remember TLS intolerant servers.

I've seen a couple of reports recently where is was clear that an SNI-only
hostname had ended up in the list of TLS-intolerant servers. The result is that
the user sees the non-SNI certificate for that IP address, which doesn't match
the requested hostname. The only way to clear this is to restart Chrome.

This change partly reverts r45088 so that we will no longer remember
TLS-intolerant servers. This means that we'll perform SSLv3 fallback for every
connection, if needed. That's unfortunate for truly TLS-intolerant servers, but
it also means that we'll get back to TLS much faster in the event of a
transient network error trigger fallback.


Review URL:

git-svn-id: 4ff67af0-8c30-449e-8e8b-ad334ec8d88c
3 files changed