feat: allow setting SSL config (#25461)

* feat: allow setting SSL config

* lint

* configure system network context with min TLS1.2

* fix

* note defaults

shell/browser/net/network_context_service.cc

@@ -4,6 +4,8 @@
 
 #include "shell/browser/net/network_context_service.h"
 
+#include <utility>
+
 #include "chrome/common/chrome_constants.h"
 #include "content/public/browser/network_service_instance.h"
 #include "net/net_buildflags.h"
@@ -29,6 +31,13 @@ void NetworkContextService::ConfigureNetworkContextParams(
   g_browser_process->system_network_context_manager()
       ->ConfigureDefaultNetworkContextParams(network_context_params);
 
+  mojo::Remote<network::mojom::SSLConfigClient> ssl_config_client;
+  network_context_params->ssl_config_client_receiver =
+      ssl_config_client.BindNewPipeAndPassReceiver();
+  browser_context_->SetSSLConfigClient(std::move(ssl_config_client));
+
+  network_context_params->initial_ssl_config = browser_context_->GetSSLConfig();
+
   network_context_params->user_agent = browser_context_->GetUserAgent();
 
   network_context_params->accept_language =

shell/browser/net/system_network_context_manager.cc

@@ -229,6 +229,10 @@ SystemNetworkContextManager::CreateNetworkContextParams() {
 
   network_context_params->http_cache_enabled = false;
 
+  auto ssl_config = network::mojom::SSLConfig::New();
+  ssl_config->version_min = network::mojom::SSLVersion::kTLS12;
+  network_context_params->initial_ssl_config = std::move(ssl_config);
+
   proxy_config_monitor_.AddToNetworkContextParams(network_context_params.get());
 
   return network_context_params;