Fix TLS 1.3 anti-downgrade mechanism
Issue description
The current code for M72 and partial enablement of the TLS 1.3 anti-downgrade mechanism can't currently be enabled due to a bug in the implementation. This is the chromium side bug for the BoringSSL bug (crbug/boringssl/226).
Dec 12
I'm requesting a merge to M72 to fix a bug with our ability to deploy the anti-downgrade mitigation via Finch. Testing locally, this fix works and is a safe merge, as it adds additional constraints to when the TLS 1.3 downgrade codepath is hit.
Dec 12
Let's verify this in canary first, and we can review for merge tomorrow.
Dec 13
(We should remember to appropriately set min_version on the field trial configurations.)
Dec 13
Looks like it's working as expected in Windows Canary (73.0.3639.0).
Dec 13
Your change meets the bar and is auto-approved for M72. Please go ahead and merge the CL to branch 3626 manually. Please contact milestone owner if you have questions.
Owners: govind@(Android), kariahda@(iOS), djmm@(ChromeOS), abdulsyed@(Desktop)
For more details visit https://www.chromium.org/issue-tracking/autotriage
- Your friendly Sheriffbot
Dec 13
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f75c6567aad34a33c05ac4d7aa1841335c75124a

commit f75c6567aad34a33c05ac4d7aa1841335c75124a
Author: Steven Valdez <svaldez@chromium.org>
Date: Thu Dec 13 17:52:01 2018

Fix TLS 1.3 downgrade protection.

(cherry picked from commit bf059c752b46941f566b1478ee9f56bbbc040b2f)

Bug: 914373
Change-Id: Ib2c9e0c7d6b8ae2be2e9632a41b2a5a0f036437f
Reviewed-on: https://chromium-review.googlesource.com/c/1374150
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#615919}
Reviewed-on: https://chromium-review.googlesource.com/c/1376253
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#327}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}

[modify] https://crrev.com/f75c6567aad34a33c05ac4d7aa1841335c75124a/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/f75c6567aad34a33c05ac4d7aa1841335c75124a/net/socket/ssl_client_socket_unittest.cc
Dec 19
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f75c6567aad34a33c05ac4d7aa1841335c75124a

Commit: f75c6567aad34a33c05ac4d7aa1841335c75124a
Author: svaldez@chromium.org
Commiter: svaldez@chromium.org
Date: 2018-12-13 17:52:01 +0000 UTC

Fix TLS 1.3 downgrade protection.

(cherry picked from commit bf059c752b46941f566b1478ee9f56bbbc040b2f)

Bug: 914373
Change-Id: Ib2c9e0c7d6b8ae2be2e9632a41b2a5a0f036437f
Reviewed-on: https://chromium-review.googlesource.com/c/1374150
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#615919}
Reviewed-on: https://chromium-review.googlesource.com/c/1376253
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/branch-heads/3626@{#327}
Cr-Branched-From: d897fb137fbaaa9355c0c93124cc048824eb1e65-refs/heads/master@{#612437}
Jan 11
This issue has an owner, a component and a priority, but is still listed as untriaged or unconfirmed. By definition, this bug is triaged. Changing status to "assigned". Please reach out to me if you disagree with how I've done this.
Comment 1 by bugdroid1@chromium.org, Dec 12