Bug 1130670 - Remove dead code that tracks strongCipherStatus. r=keeler
☠☠ backed out by ee830b93a552 ☠ ☠
authorMasatoshi Kimura <VYV03354@nifty.ne.jp>
Sat, 14 Feb 2015 15:16:04 +0900
changeset 229232 9507662057de474ed29fd40550635332fe7a1668
parent 229231 8041e061077776d18cf39fe381e861fa34c77dc7
child 229233 41aa3bdc7e753b84ed8b0fe54f95e1931001f029
push id28282
push usercbook@mozilla.com
push dateMon, 16 Feb 2015 15:06:35 +0000
treeherdermozilla-central@09f4968d5f42 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewerskeeler
bugs1130670
milestone38.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1130670 - Remove dead code that tracks strongCipherStatus. r=keeler
security/manager/ssl/src/nsNSSIOLayer.cpp
security/manager/ssl/src/nsNSSIOLayer.h
security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
--- a/security/manager/ssl/src/nsNSSIOLayer.cpp
+++ b/security/manager/ssl/src/nsNSSIOLayer.cpp
@@ -815,24 +815,20 @@ nsSSLIOLayerHelpers::rememberTolerantAtV
   IntoleranceEntry entry;
   if (mTLSIntoleranceInfo.Get(key, &entry)) {
     entry.AssertInvariant();
     entry.tolerant = std::max(entry.tolerant, tolerant);
     if (entry.intolerant != 0 && entry.intolerant <= entry.tolerant) {
       entry.intolerant = entry.tolerant + 1;
       entry.intoleranceReason = 0; // lose the reason
     }
-    if (entry.strongCipherStatus == StrongCipherStatusUnknown) {
-      entry.strongCipherStatus = StrongCiphersWorked;
-    }
   } else {
     entry.tolerant = tolerant;
     entry.intolerant = 0;
     entry.intoleranceReason = 0;
-    entry.strongCipherStatus = StrongCiphersWorked;
   }
 
   entry.AssertInvariant();
 
   mTLSIntoleranceInfo.Put(key, entry);
 }
 
 uint16_t
@@ -847,19 +843,16 @@ nsSSLIOLayerHelpers::forgetIntolerance(c
   uint16_t tolerant = 0;
   IntoleranceEntry entry;
   if (mTLSIntoleranceInfo.Get(key, &entry)) {
     entry.AssertInvariant();
 
     tolerant = entry.tolerant;
     entry.intolerant = 0;
     entry.intoleranceReason = 0;
-    if (entry.strongCipherStatus != StrongCiphersWorked) {
-      entry.strongCipherStatus = StrongCipherStatusUnknown;
-    }
 
     entry.AssertInvariant();
     mTLSIntoleranceInfo.Put(key, entry);
   }
 
   return tolerant;
 }
 
@@ -940,63 +933,30 @@ nsSSLIOLayerHelpers::rememberIntolerantA
       return false;
     }
     if ((entry.intolerant != 0 && intolerant >= entry.intolerant)) {
       // We already know that the server is intolerant at a lower version.
       return true;
     }
   } else {
     entry.tolerant = 0;
-    entry.strongCipherStatus = StrongCipherStatusUnknown;
   }
 
   entry.intolerant = intolerant;
   entry.intoleranceReason = intoleranceReason;
   entry.AssertInvariant();
   mTLSIntoleranceInfo.Put(key, entry);
 
   return true;
 }
 
-// returns true if we should retry the handshake
-bool
-nsSSLIOLayerHelpers::rememberStrongCiphersFailed(const nsACString& hostName,
-                                                 int16_t port,
-                                                 PRErrorCode intoleranceReason)
-{
-  nsCString key;
-  getSiteKey(hostName, port, key);
-
-  MutexAutoLock lock(mutex);
-
-  IntoleranceEntry entry;
-  if (mTLSIntoleranceInfo.Get(key, &entry)) {
-    entry.AssertInvariant();
-    if (entry.strongCipherStatus != StrongCipherStatusUnknown) {
-      // We already know if the server supports a strong cipher.
-      return false;
-    }
-  } else {
-    entry.tolerant = 0;
-    entry.intolerant = 0;
-    entry.intoleranceReason = intoleranceReason;
-  }
-
-  entry.strongCipherStatus = StrongCiphersFailed;
-  entry.AssertInvariant();
-  mTLSIntoleranceInfo.Put(key, entry);
-
-  return true;
-}
-
 void
 nsSSLIOLayerHelpers::adjustForTLSIntolerance(const nsACString& hostName,
                                              int16_t port,
-                                             /*in/out*/ SSLVersionRange& range,
-                                             /*out*/ StrongCipherStatus& strongCipherStatus)
+                                             /*in/out*/ SSLVersionRange& range)
 {
   IntoleranceEntry entry;
 
   {
     nsCString key;
     getSiteKey(hostName, port, key);
 
     MutexAutoLock lock(mutex);
@@ -1009,17 +969,16 @@ nsSSLIOLayerHelpers::adjustForTLSIntoler
 
   if (entry.intolerant != 0) {
     // We've tried connecting at a higher range but failed, so try at the
     // version we haven't tried yet, unless we have reached the minimum.
     if (range.min < entry.intolerant) {
       range.max = entry.intolerant - 1;
     }
   }
-  strongCipherStatus = entry.strongCipherStatus;
 }
 
 PRErrorCode
 nsSSLIOLayerHelpers::getIntoleranceReason(const nsACString& hostName,
                                           int16_t port)
 {
   IntoleranceEntry entry;
 
@@ -2606,20 +2565,19 @@ nsSSLIOLayerSetOptions(PRFileDesc* fd, b
   key = nsDependentCString(host) + NS_LITERAL_CSTRING(":") + nsPrintfCString("%d", port);
 
   SSLVersionRange range;
   if (SSL_VersionRangeGet(fd, &range) != SECSuccess) {
     return NS_ERROR_FAILURE;
   }
 
   uint16_t maxEnabledVersion = range.max;
-  StrongCipherStatus strongCiphersStatus = StrongCipherStatusUnknown;
   infoObject->SharedState().IOLayerHelpers()
     .adjustForTLSIntolerance(infoObject->GetHostName(), infoObject->GetPort(),
-                             range, strongCiphersStatus);
+                             range);
   bool useWeakCiphers = range.max <= SSL_LIBRARY_VERSION_TLS_1_0 &&
                         nsNSSComponent::AreAnyWeakCiphersEnabled();
   PR_LOG(gPIPNSSLog, PR_LOG_DEBUG,
          ("[%p] nsSSLIOLayerSetOptions: using TLS version range (0x%04x,0x%04x)%s\n",
           fd, static_cast<unsigned int>(range.min),
               static_cast<unsigned int>(range.max),
           useWeakCiphers ? " with weak ciphers" : ""));
 
--- a/security/manager/ssl/src/nsNSSIOLayer.h
+++ b/security/manager/ssl/src/nsNSSIOLayer.h
@@ -160,22 +160,16 @@ private:
 
   uint32_t mProviderFlags;
   mozilla::TimeStamp mSocketCreationTimestamp;
   uint64_t mPlaintextBytesRead;
 
   nsCOMPtr<nsIX509Cert> mClientCert;
 };
 
-enum StrongCipherStatus {
-  StrongCipherStatusUnknown,
-  StrongCiphersWorked,
-  StrongCiphersFailed
-};
-
 class nsSSLIOLayerHelpers
 {
 public:
   nsSSLIOLayerHelpers();
   ~nsSSLIOLayerHelpers();
 
   nsresult Init();
   void Cleanup();
@@ -195,17 +189,16 @@ public:
   int32_t getWarnLevelMissingRFC5746();
 
 private:
   struct IntoleranceEntry
   {
     uint16_t tolerant;
     uint16_t intolerant;
     PRErrorCode intoleranceReason;
-    StrongCipherStatus strongCipherStatus;
 
     void AssertInvariant() const
     {
       MOZ_ASSERT(intolerant == 0 || tolerant < intolerant);
     }
   };
   nsDataHashtable<nsCStringHashKey, IntoleranceEntry> mTLSIntoleranceInfo;
   // Sites that require insecure fallback to TLS 1.0, set by the pref
@@ -214,24 +207,21 @@ private:
   nsTHashtable<nsCStringHashKey> mInsecureFallbackSites;
 public:
   void rememberTolerantAtVersion(const nsACString& hostname, int16_t port,
                                  uint16_t tolerant);
   bool fallbackLimitReached(const nsACString& hostname, uint16_t intolerant);
   bool rememberIntolerantAtVersion(const nsACString& hostname, int16_t port,
                                    uint16_t intolerant, uint16_t minVersion,
                                    PRErrorCode intoleranceReason);
-  bool rememberStrongCiphersFailed(const nsACString& hostName, int16_t port,
-                                   PRErrorCode intoleranceReason);
   // returns the known tolerant version
   // or 0 if there is no known tolerant version
   uint16_t forgetIntolerance(const nsACString& hostname, int16_t port);
   void adjustForTLSIntolerance(const nsACString& hostname, int16_t port,
-                               /*in/out*/ SSLVersionRange& range,
-                               /*out*/ StrongCipherStatus& strongCipherStatus);
+                               /*in/out*/ SSLVersionRange& range);
   PRErrorCode getIntoleranceReason(const nsACString& hostname, int16_t port);
 
   void clearStoredData();
   void loadVersionFallbackLimit();
   void setInsecureFallbackSites(const nsCString& str);
   bool isInsecureFallbackSite(const nsACString& hostname);
 
   bool mFalseStartRequireNPN;
--- a/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
+++ b/security/manager/ssl/tests/gtest/TLSIntoleranceTest.cpp
@@ -22,97 +22,67 @@ protected:
 TEST_F(TLSIntoleranceTest, Test_Full_Fallback_Process)
 {
   helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_3_0;
 
   // No adjustment made when there is no entry for the site.
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
 
-    ASSERT_TRUE(
-      helpers.rememberStrongCiphersFailed(
-        HOST, PORT, SSL_ERROR_NO_CYPHER_OVERLAP));
-    ASSERT_EQ(SSL_ERROR_NO_CYPHER_OVERLAP,
-              helpers.getIntoleranceReason(HOST, PORT));
-  }
-
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
-
-    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
     ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                     range.min, range.max, 0));
   }
 
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
 
-    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
     ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                     range.min, range.max, 0));
   }
 
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
 
-    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
     ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                     range.min, range.max, 0));
   }
 
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
 
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
 
-    ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
     // false because we reached the floor set by range.min
     ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                      range.min, range.max, 0));
   }
 
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     // When rememberIntolerantAtVersion returns false, it also resets the
     // intolerance information for the server.
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
   }
 }
 
 TEST_F(TLSIntoleranceTest, Test_Disable_Fallback_With_High_Limit)
 {
   // this value disables version fallback entirely: with this value, all efforts
   // to mark an origin as version intolerant fail
   helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
@@ -150,21 +120,19 @@ TEST_F(TLSIntoleranceTest, Test_Fallback
   // when it is higher than the fallback limit
   ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                   SSL_LIBRARY_VERSION_TLS_1_1,
                                                   SSL_LIBRARY_VERSION_TLS_1_2,
                                                   0));
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
-    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
   }
 
   ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                    SSL_LIBRARY_VERSION_TLS_1_1,
                                                    SSL_LIBRARY_VERSION_TLS_1_1,
                                                    0));
 }
 
@@ -172,55 +140,49 @@ TEST_F(TLSIntoleranceTest, Test_Tolerant
 {
   ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                   SSL_LIBRARY_VERSION_3_0,
                                                   SSL_LIBRARY_VERSION_TLS_1_1,
                                                   0));
   helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
   SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                             SSL_LIBRARY_VERSION_TLS_1_2 };
-  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  helpers.adjustForTLSIntolerance(HOST, PORT, range);
   ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
   ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
-  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
 }
 
 TEST_F(TLSIntoleranceTest, Test_Tolerant_Overrides_Intolerant_2)
 {
   ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                   SSL_LIBRARY_VERSION_3_0,
                                                   SSL_LIBRARY_VERSION_TLS_1_1,
                                                   0));
   helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_2);
   SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                             SSL_LIBRARY_VERSION_TLS_1_2 };
-  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  helpers.adjustForTLSIntolerance(HOST, PORT, range);
   ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
   ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
 }
 
 TEST_F(TLSIntoleranceTest, Test_Intolerant_Does_Not_Override_Tolerant)
 {
   // No adjustment made when there is no entry for the site.
   helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
   // false because we reached the floor set by rememberTolerantAtVersion.
   ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                    SSL_LIBRARY_VERSION_3_0,
                                                    SSL_LIBRARY_VERSION_TLS_1_1,
                                                    0));
   SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                             SSL_LIBRARY_VERSION_TLS_1_2 };
-  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+  helpers.adjustForTLSIntolerance(HOST, PORT, range);
   ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
   ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
 }
 
 TEST_F(TLSIntoleranceTest, Test_Port_Is_Relevant)
 {
   helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
   ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, 1,
                                                    SSL_LIBRARY_VERSION_3_0,
                                                    SSL_LIBRARY_VERSION_TLS_1_2,
@@ -228,26 +190,24 @@ TEST_F(TLSIntoleranceTest, Test_Port_Is_
   ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, 2,
                                                   SSL_LIBRARY_VERSION_3_0,
                                                   SSL_LIBRARY_VERSION_TLS_1_2,
                                                   0));
 
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, 1, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, 1, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
   }
 
   {
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, 2, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, 2, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
   }
 }
 
 TEST_F(TLSIntoleranceTest, Test_Intolerance_Reason_Initial)
 {
   ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
 
@@ -277,249 +237,75 @@ TEST_F(TLSIntoleranceTest, Test_Intolera
                                       SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT);
   ASSERT_EQ(SSL_ERROR_HANDSHAKE_UNEXPECTED_ALERT,
             helpers.getIntoleranceReason(HOST, 1));
 
   helpers.rememberTolerantAtVersion(HOST, 1, SSL_LIBRARY_VERSION_TLS_1_2);
   ASSERT_EQ(0, helpers.getIntoleranceReason(HOST, 1));
 }
 
-TEST_F(TLSIntoleranceTest, Test_Strong_Ciphers_Failed)
-{
-  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_1;
-
-  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
-
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
-
-    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
-                                                    range.min, range.max, 0));
-  }
-
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
-
-    ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
-                                                     range.min, range.max, 0));
-  }
-
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-    // When rememberIntolerantAtVersion returns false, it also resets the
-    // intolerance information for the server.
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
-  }
-}
-
-TEST_F(TLSIntoleranceTest, Test_Strong_Ciphers_Failed_At_1_1)
-{
-  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_3_0;
-
-  // No adjustment made when there is no entry for the site.
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
-                                                    range.min, range.max, 0));
-  }
-
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
-  }
-
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
-
-    ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
-                                                    range.min, range.max, 0));
-  }
-
-  {
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-    ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_0, range.max);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
-  }
-}
-
-TEST_F(TLSIntoleranceTest, Test_Strong_Ciphers_Failed_With_High_Limit)
-{
-  // this value disables version fallback entirely: with this value, all efforts
-  // to mark an origin as version intolerant fail
-  helpers.mVersionFallbackLimit = SSL_LIBRARY_VERSION_TLS_1_2;
-  // ...but weak ciphers fallback will not be disabled
-  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
-  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
-                                                   SSL_LIBRARY_VERSION_3_0,
-                                                   SSL_LIBRARY_VERSION_TLS_1_2,
-                                                   0));
-  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
-                                                   SSL_LIBRARY_VERSION_3_0,
-                                                   SSL_LIBRARY_VERSION_TLS_1_1,
-                                                   0));
-  ASSERT_FALSE(helpers.rememberIntolerantAtVersion(HOST, PORT,
-                                                   SSL_LIBRARY_VERSION_3_0,
-                                                   SSL_LIBRARY_VERSION_TLS_1_0,
-                                                   0));
-}
-
-TEST_F(TLSIntoleranceTest, Test_Tolerant_Does_Not_Override_Weak_Ciphers_Fallback)
-{
-  ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
-  // No adjustment made when intolerant is zero.
-  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
-  SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                            SSL_LIBRARY_VERSION_TLS_1_2 };
-  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-  ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
-}
-
-TEST_F(TLSIntoleranceTest, Test_Weak_Ciphers_Fallback_Does_Not_Override_Tolerant)
-{
-  // No adjustment made when there is no entry for the site.
-  helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
-  // false because strongCipherWorked is set by rememberTolerantAtVersion.
-  ASSERT_FALSE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
-  SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                            SSL_LIBRARY_VERSION_TLS_1_2 };
-  StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-  helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-  ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
-  ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-  ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
-}
-
 TEST_F(TLSIntoleranceTest, TLS_Forget_Intolerance)
 {
   {
     ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                     SSL_LIBRARY_VERSION_3_0,
                                                     SSL_LIBRARY_VERSION_TLS_1_2,
                                                     0));
 
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
-    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
   }
 
   {
     helpers.forgetIntolerance(HOST, PORT);
 
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
-  }
-}
-
-TEST_F(TLSIntoleranceTest, TLS_Forget_Strong_Cipher_Failed)
-{
-  {
-    ASSERT_TRUE(helpers.rememberStrongCiphersFailed(HOST, PORT, 0));
-
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(StrongCiphersFailed, strongCipherStatus);
-  }
-
-  {
-    helpers.forgetIntolerance(HOST, PORT);
-
-    SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
-                              SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
-    ASSERT_EQ(StrongCipherStatusUnknown, strongCipherStatus);
   }
 }
 
 TEST_F(TLSIntoleranceTest, TLS_Dont_Forget_Tolerance)
 {
   {
     helpers.rememberTolerantAtVersion(HOST, PORT, SSL_LIBRARY_VERSION_TLS_1_1);
 
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
   }
 
   {
     ASSERT_TRUE(helpers.rememberIntolerantAtVersion(HOST, PORT,
                                                     SSL_LIBRARY_VERSION_3_0,
                                                     SSL_LIBRARY_VERSION_TLS_1_2,
                                                     0));
 
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_1, range.max);
-    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
   }
 
   {
     helpers.forgetIntolerance(HOST, PORT);
 
     SSLVersionRange range = { SSL_LIBRARY_VERSION_3_0,
                               SSL_LIBRARY_VERSION_TLS_1_2 };
-    StrongCipherStatus strongCipherStatus = StrongCipherStatusUnknown;
-    helpers.adjustForTLSIntolerance(HOST, PORT, range, strongCipherStatus);
+    helpers.adjustForTLSIntolerance(HOST, PORT, range);
     ASSERT_EQ(SSL_LIBRARY_VERSION_3_0, range.min);
     ASSERT_EQ(SSL_LIBRARY_VERSION_TLS_1_2, range.max);
-    ASSERT_EQ(StrongCiphersWorked, strongCipherStatus);
   }
 }
 
 TEST_F(TLSIntoleranceTest, TLS_Per_Site_Fallback_Limit)
 {
   NS_NAMED_LITERAL_CSTRING(example_com, "example.com");
   NS_NAMED_LITERAL_CSTRING(example_net, "example.net");
   NS_NAMED_LITERAL_CSTRING(example_org, "example.org");