Reland "Disable TLS session ticket for DTLS"

This is a reland of commit e77d75193f4f61cf90991569c5470ba5d1b78f2b. No changes were required to the CL, downstream tests have been fixed. Original change's description: > Disable TLS session ticket for DTLS > > since it makes no sense for the WebRTC usage of DTLS and increases > the size of the last handshake flight considerably > Guarded by killswitch > WebRTC-DisableTlsSessionTicketKillswitch > > BUG=webrtc:367181089 > > Co-authored-by: Jody Ho <jodyho@meta.com> > Change-Id: I4bb17bba8a17c65c8e0fefe2d8962974703feee7 > Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/362526 > Reviewed-by: Harald Alvestrand <hta@webrtc.org> > Reviewed-by: David Benjamin <davidben@webrtc.org> > Commit-Queue: Philipp Hancke <phancke@meta.com> > Cr-Commit-Position: refs/heads/main@{#43046} Bug: webrtc:367181089 Change-Id: I4b3f813e4a0dd4d0458ee14c15c51ee6f9b84461 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/363220 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Mirko Bonadei <mbonadei@webrtc.org> Cr-Commit-Position: refs/heads/main@{#43066}
2024-09-16 13:22:18 -07:00 · 2024-09-16 13:22:18 -07:00 · 518de1673e
commit 518de1673e
parent a8829eb5f3
3 changed files with 12 additions and 1 deletions
--- a/experiments/field_trials.py
+++ b/experiments/field_trials.py
@ -113,6 +113,9 @@ ACTIVE_FIELD_TRIALS: FrozenSet[FieldTrial] = frozenset([
    FieldTrial('WebRTC-PermuteTlsClientHello',
               42225803,
               date(2025, 1, 1)),
+    FieldTrial('WebRTC-DisableTlsSessionTicketKillswitch',
+               367181089,
+               date(2025, 7, 1)),
    FieldTrial('WebRTC-QCM-Dynamic-AV1',
               349860657,
               date(2025, 7, 1)),
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@ -306,7 +306,9 @@ OpenSSLStreamAdapter::OpenSSLStreamAdapter(
          !webrtc::field_trial::IsDisabled("WebRTC-PermuteTlsClientHello")),
 #endif
      ssl_mode_(SSL_MODE_DTLS),
-      ssl_max_version_(SSL_PROTOCOL_TLS_12) {
+      ssl_max_version_(SSL_PROTOCOL_DTLS_12),
+      disable_handshake_ticket_(!webrtc::field_trial::IsDisabled(
+          "WebRTC-DisableTlsSessionTicketKillswitch")) {
  stream_->SetEventCallback(
      [this](int events, int err) { OnEvent(events, err); });
 }
@ -1080,6 +1082,9 @@ SSL_CTX* OpenSSLStreamAdapter::SetupSSLContext() {
  SSL_CTX_set_permute_extensions(ctx, permute_extension_);
 #endif

+  if (disable_handshake_ticket_) {
+    SSL_CTX_set_options(ctx, SSL_OP_NO_TICKET);
+  }
  return ctx;
 }

--- a/rtc_base/openssl_stream_adapter.h
+++ b/rtc_base/openssl_stream_adapter.h
@ -250,6 +250,9 @@ class OpenSSLStreamAdapter final : public SSLStreamAdapter,
  // A 50-ms initial timeout ensures rapid setup on fast connections, but may
  // be too aggressive for low bandwidth links.
  int dtls_handshake_timeout_ms_ = 50;
+
+  // Rollout killswitch for disabling session tickets.
+  const bool disable_handshake_ticket_;
 };

 /////////////////////////////////////////////////////////////////////////////