Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / ssl / ssl_failure_state.h
blob5f43e0ab43458f1c86633fc08e1672329e941827
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_SSL_SSL_FAILURE_STATE_H_
6 #define NET_SSL_SSL_FAILURE_STATE_H_
8 namespace net {
10 // Describes the most likely cause for the TLS handshake failure. This is an
11 // approximation used to classify the causes of TLS version fallback. These
12 // values are used in histograms, so new values must be appended.
13 enum SSLFailureState {
14 // The connection was successful.
15 SSL_FAILURE_NONE = 0,
17 // The connection failed for unknown reasons.
18 SSL_FAILURE_UNKNOWN = 1,
20 // The connection failed after sending ClientHello and before receiving
21 // ServerHello.
22 SSL_FAILURE_CLIENT_HELLO = 2,
24 // The connection failed after negotiating TLS_RSA_WITH_AES_128_GCM_SHA256 or
25 // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and completing the client's second
26 // leg. Some Microsoft IIS servers fail at this point. See
27 // https://crbug.com/433406.
28 SSL_FAILURE_BUGGY_GCM = 3,
30 // The connection failed after CertificateVerify was sent. Some servers are
31 // known to incorrectly implement TLS 1.2 client auth.
32 SSL_FAILURE_CLIENT_AUTH = 4,
34 // The connection failed because the server attempted to resume a session at
35 // the wrong version. Some versions of OpenSSL may do this in rare
36 // circumstances. See https://crbug.com/441456
37 SSL_FAILURE_SESSION_MISMATCH = 5,
39 // The connection failed after sending the NextProto message. Some F5 servers
40 // fail to parse such messages in TLS 1.1 and TLS 1.2, but not 1.0. See
41 // https://crbug.com/466977.
42 SSL_FAILURE_NEXT_PROTO = 6,
44 SSL_FAILURE_MAX,
47 } // namespace net
49 #endif // NET_SSL_SSL_FAILURE_STATE_H_