TLS: enable TLS client hello permutation by default

this is flipping WebRTC-PermuteTlsClientHello to a killswitch in the SSLStreamAdapter used for DTLS. BUG=webrtc:42225803 Change-Id: I942851c474ec5e723c5b6c9f6206e7eafbe80ea4 Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/357901 Reviewed-by: Harald Alvestrand <hta@webrtc.org> Commit-Queue: Philipp Hancke <phancke@meta.com> Reviewed-by: Danil Chapovalov <danilchap@webrtc.org> Cr-Commit-Position: refs/heads/main@{#42676}
2024-07-25 16:01:29 -07:00 · 2024-07-25 16:01:29 -07:00 · 76430c0bf1
commit 76430c0bf1
parent 12f9d5ce60
3 changed files with 15 additions and 6 deletions
--- a/experiments/field_trials.py
+++ b/experiments/field_trials.py
@ -109,7 +109,7 @@ ACTIVE_FIELD_TRIALS: FrozenSet[FieldTrial] = frozenset([
               date(2024, 4, 1)),
    FieldTrial('WebRTC-PermuteTlsClientHello',
               42225803,
-               date(2024, 7, 1)),
+               date(2025, 1, 1)),
    FieldTrial('WebRTC-QCM-Dynamic-AV1',
               349860657,
               date(2025, 7, 1)),
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@ -290,7 +290,7 @@ OpenSSLStreamAdapter::OpenSSLStreamAdapter(
      ssl_ctx_(nullptr),
 #ifdef OPENSSL_IS_BORINGSSL
      permute_extension_(
-          webrtc::field_trial::IsEnabled("WebRTC-PermuteTlsClientHello")),
+          !webrtc::field_trial::IsDisabled("WebRTC-PermuteTlsClientHello")),
 #endif
      ssl_mode_(SSL_MODE_TLS),
      ssl_max_version_(SSL_PROTOCOL_TLS_12) {
--- a/rtc_base/ssl_stream_adapter_unittest.cc
+++ b/rtc_base/ssl_stream_adapter_unittest.cc
@ -1674,14 +1674,23 @@ TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
 }

 TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
-       ClientDefaultServerPermute) {
-  Initialize("", "WebRTC-PermuteTlsClientHello/Enabled/");
+       ClientDisabledServerDisabled) {
+  Initialize("WebRTC-PermuteTlsClientHello/Disabled/",
+             "WebRTC-PermuteTlsClientHello/Disabled/");
  TestHandshake();
 }

 TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
-       ClientPermuteServerDefault) {
-  Initialize("WebRTC-PermuteTlsClientHello/Enabled/", "");
+       ClientDisabledServerPermute) {
+  Initialize("WebRTC-PermuteTlsClientHello/Disabled/",
+             "WebRTC-PermuteTlsClientHello/Enabled/");
+  TestHandshake();
+}
+
+TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
+       ClientPermuteServerDisabled) {
+  Initialize("WebRTC-PermuteTlsClientHello/Enabled/",
+             "WebRTC-PermuteTlsClientHello/Disabled/");
  TestHandshake();
 }