From 4595711bf590f71a693579a6a7b01a76e2988173 Mon Sep 17 00:00:00 2001 From: Mirko Bonadei Date: Thu, 19 Sep 2024 14:38:46 +0000 Subject: [PATCH] Revert "Disable TLS session ticket for DTLS" This reverts commit e77d75193f4f61cf90991569c5470ba5d1b78f2b. Reason for revert: Speculative rollback (breaks downstream test). Original change's description: > Disable TLS session ticket for DTLS > > since it makes no sense for the WebRTC usage of DTLS and increases > the size of the last handshake flight considerably > Guarded by killswitch > WebRTC-DisableTlsSessionTicketKillswitch > > BUG=webrtc:367181089 > > Co-authored-by: Jody Ho > Change-Id: I4bb17bba8a17c65c8e0fefe2d8962974703feee7 > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362526 > Reviewed-by: Harald Alvestrand > Reviewed-by: David Benjamin > Commit-Queue: Philipp Hancke > Cr-Commit-Position: refs/heads/main@{#43046} Bug: webrtc:367181089 Change-Id: I02b59232fae9f729341811042a02f7cf346d4bbe No-Presubmit: true No-Tree-Checks: true No-Try: true Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362982 Bot-Commit: rubber-stamper@appspot.gserviceaccount.com Commit-Queue: Mirko Bonadei Cr-Commit-Position: refs/heads/main@{#43052}
---
 experiments/field_trials.py | 3 ---
 rtc_base/openssl_stream_adapter.cc | 7 +------
 rtc_base/openssl_stream_adapter.h | 3 ---
 3 files changed, 1 insertion(+), 12 deletions(-)
diff --git a/experiments/field_trials.py b/experiments/field_trials.py
index cecca11c5b..c4455015a0 100755
--- a/experiments/field_trials.py
+++ b/experiments/field_trials.py
@@ -113,9 +113,6 @@ ACTIVE_FIELD_TRIALS: FrozenSet[FieldTrial] = frozenset([
 FieldTrial('WebRTC-PermuteTlsClientHello',
 42225803,
 date(2025, 1, 1)),
- FieldTrial('WebRTC-DisableTlsSessionTicketKillswitch',
- 367181089,
- date(2025, 7, 1)),
 FieldTrial('WebRTC-QCM-Dynamic-AV1',
 349860657,
 date(2025, 7, 1)),
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index d9f873b586..b7b1d1cfd1 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -306,9 +306,7 @@ OpenSSLStreamAdapter::OpenSSLStreamAdapter(
 !webrtc::field_trial::IsDisabled("WebRTC-PermuteTlsClientHello")),
 #endif
 ssl_mode_(SSL_MODE_DTLS),
- ssl_max_version_(SSL_PROTOCOL_DTLS_12),
- disable_handshake_ticket_(!webrtc::field_trial::IsDisabled(
- "WebRTC-DisableTlsSessionTicketKillswitch")) {
+ ssl_max_version_(SSL_PROTOCOL_TLS_12) {
 stream_->SetEventCallback(
 [this](int events, int err) { OnEvent(events, err); });
 }
@@ -1082,9 +1080,6 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
 SSL_CTX_set_permute_extensions(ctx, permute_extension_);
 #endif
- if (disable_handshake_ticket_) {
- SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
- }
 return ctx;
 }
diff --git a/rtc_base/openssl_stream_adapter.h b/rtc_base/openssl_stream_adapter.h
index e67992be45..92e8c1017e 100644
--- a/rtc_base/openssl_stream_adapter.h
+++ b/rtc_base/openssl_stream_adapter.h
@@ -250,9 +250,6 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter,
 // A 50-ms initial timeout ensures rapid setup on fast connections, but may
 // be too aggressive for low bandwidth links.
 int dtls_handshake_timeout_ms_ = 50;
-
- // Rollout killswitch for disabling session tickets.
- const bool disable_handshake_ticket_;
 };
 /////////////////////////////////////////////////////////////////////////////
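Review bot: The added initializer `ssl_max_version_(SSL_PROTOCOL_TLS_12) {` in the constructor hunk of rtc_base/openssl_stream_adapter.cc (`@@ -306,9 +306,7 @@`) replaces `SSL_PROTOCOL_DTLS_12`, and the commit message does not explain that; it mentions only the session-ticket killswitch. The line directly above sets `ssl_mode_(SSL_MODE_DTLS)`, so the DTLS-named constant states the intent of the default more clearly. If the two enumerators are aliases of the same value (their definitions are not visible here), behaviour is unchanged and this is only a readability regression; if they are not, the revert changes the default maximum protocol version without any try or presubmit run. I would keep `ssl_max_version_(SSL_PROTOCOL_DTLS_12) {` unless the downstream breakage depends on it, or state the reason in the description. The constructor's initializer list starts above the hunk.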