net/ssl/ssl_failure_state.h

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_SSL_SSL_FAILURE_STATE_H_
   6 #define NET_SSL_SSL_FAILURE_STATE_H_
   7
   8 namespace net {
   9
  10 // Describes the most likely cause for the TLS handshake failure. This is an
  11 // approximation used to classify the causes of TLS version fallback. These
  12 // values are used in histograms, so new values must be appended.
  13 enum SSLFailureState {
  14   // The connection was successful.
  15   SSL_FAILURE_NONE = 0,
  16
  17   // The connection failed for unknown reasons.
  18   SSL_FAILURE_UNKNOWN = 1,
  19
  20   // The connection failed after sending ClientHello and before receiving
  21   // ServerHello.
  22   SSL_FAILURE_CLIENT_HELLO = 2,
  23
  24   // The connection failed after negotiating TLS_RSA_WITH_AES_128_GCM_SHA256 or
  25   // TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 and completing the client's second
  26   // leg. Some Microsoft IIS servers fail at this point. See
  27   // https://crbug.com/433406.
  28   SSL_FAILURE_BUGGY_GCM = 3,
  29
  30   // The connection failed after CertificateVerify was sent. Some servers are
  31   // known to incorrectly implement TLS 1.2 client auth.
  32   SSL_FAILURE_CLIENT_AUTH = 4,
  33
  34   // The connection failed because the server attempted to resume a session at
  35   // the wrong version. Some versions of OpenSSL may do this in rare
  36   // circumstances. See https://crbug.com/441456
  37   SSL_FAILURE_SESSION_MISMATCH = 5,
  38
  39   // The connection failed after sending the NextProto message. Some F5 servers
  40   // fail to parse such messages in TLS 1.1 and TLS 1.2, but not 1.0. See
  41   // https://crbug.com/466977.
  42   SSL_FAILURE_NEXT_PROTO = 6,
  43
  44   SSL_FAILURE_MAX,
  45 };
  46
  47 }  // namespace net
  48
  49 #endif  // NET_SSL_SSL_FAILURE_STATE_H_