deprecate gfe2_restart_flag_quic_enable_zero_rtt_for_tls_v2. Emergency shutoff is documented at go/make-it-stop PiperOrigin-RevId: 360238950 Change-Id: I24d11affc0331be5de80f0924acbbc65736c6f28
diff --git a/quic/core/crypto/tls_server_connection.cc b/quic/core/crypto/tls_server_connection.cc index f4d0ac2..2157778 100644 --- a/quic/core/crypto/tls_server_connection.cc +++ b/quic/core/crypto/tls_server_connection.cc
@@ -36,9 +36,8 @@ } else { QUIC_RESTART_FLAG_COUNT_N(quic_session_tickets_always_enabled, 3, 3); } - if (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2) && - (proof_source->GetTicketCrypter() || - GetQuicRestartFlag(quic_session_tickets_always_enabled))) { + if (proof_source->GetTicketCrypter() || + GetQuicRestartFlag(quic_session_tickets_always_enabled)) { SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1); } SSL_CTX_set_select_certificate_cb(
diff --git a/quic/core/http/end_to_end_test.cc b/quic/core/http/end_to_end_test.cc index 2000733..7e9a679 100644 --- a/quic/core/http/end_to_end_test.cc +++ b/quic/core/http/end_to_end_test.cc
@@ -198,7 +198,6 @@ AddToCache("/foo", 200, kFooResponseBody); AddToCache("/bar", 200, kBarResponseBody); // Enable fixes for bugs found in tests and prod. - SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); } ~EndToEndTest() override { QuicRecyclePort(server_address_.port()); }
diff --git a/quic/core/http/quic_server_session_base.cc b/quic/core/http/quic_server_session_base.cc index f91146b..9e0e146 100644 --- a/quic/core/http/quic_server_session_base.cc +++ b/quic/core/http/quic_server_session_base.cc
@@ -40,9 +40,7 @@ crypto_stream_ = CreateQuicCryptoServerStream(crypto_config_, compressed_certs_cache_); QuicSpdySession::Initialize(); - if (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2)) { - SendSettingsToCryptoStream(); - } + SendSettingsToCryptoStream(); } void QuicServerSessionBase::OnConfigNegotiated() {
diff --git a/quic/core/http/quic_spdy_client_session_test.cc b/quic/core/http/quic_spdy_client_session_test.cc index e2b5003..0f17d59 100644 --- a/quic/core/http/quic_spdy_client_session_test.cc +++ b/quic/core/http/quic_spdy_client_session_test.cc
@@ -97,7 +97,6 @@ QuicUtils::GetInvalidStreamId(GetParam().transport_version)) { auto client_cache = std::make_unique<test::SimpleSessionCache>(); client_session_cache_ = client_cache.get(); - SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); client_crypto_config_ = std::make_unique<QuicCryptoClientConfig>( crypto_test_utils::ProofVerifierForTesting(), std::move(client_cache)); server_crypto_config_ = crypto_test_utils::CryptoServerConfigForTesting();
diff --git a/quic/core/http/quic_spdy_session.cc b/quic/core/http/quic_spdy_session.cc index e8a473f..3bce452 100644 --- a/quic/core/http/quic_spdy_session.cc +++ b/quic/core/http/quic_spdy_session.cc
@@ -1085,8 +1085,7 @@ << value; // Communicate |value| to encoder, because it is used for encoding // Required Insert Count. - bool success = qpack_encoder_->SetMaximumDynamicTableCapacity(value); - if (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2) && !success) { + if (!qpack_encoder_->SetMaximumDynamicTableCapacity(value)) { CloseConnectionWithDetails( was_zero_rtt_rejected() ? QUIC_HTTP_ZERO_RTT_REJECTION_SETTINGS_MISMATCH @@ -1109,8 +1108,7 @@ QUIC_DVLOG(1) << ENDPOINT << "SETTINGS_MAX_FIELD_SECTION_SIZE received with value " << value; - if (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2) && - max_outbound_header_list_size_ != + if (max_outbound_header_list_size_ != std::numeric_limits<size_t>::max() && max_outbound_header_list_size_ > value) { CloseConnectionWithDetails( @@ -1131,8 +1129,7 @@ QUIC_DVLOG(1) << ENDPOINT << "SETTINGS_QPACK_BLOCKED_STREAMS received with value " << value; - bool success = qpack_encoder_->SetMaximumBlockedStreams(value); - if (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2) && !success) { + if (!qpack_encoder_->SetMaximumBlockedStreams(value)) { CloseConnectionWithDetails( was_zero_rtt_rejected() ? QUIC_HTTP_ZERO_RTT_REJECTION_SETTINGS_MISMATCH
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h index aa5f569..9140195 100644 --- a/quic/core/quic_flags_list.h +++ b/quic/core/quic_flags_list.h
@@ -68,7 +68,6 @@ QUIC_FLAG(FLAGS_quic_reloadable_flag_send_quic_fallback_server_config_on_leto_error, false) QUIC_FLAG(FLAGS_quic_restart_flag_dont_fetch_quic_private_keys_from_leto, false) QUIC_FLAG(FLAGS_quic_restart_flag_quic_dispatcher_support_multiple_cid_per_connection_v2, true) -QUIC_FLAG(FLAGS_quic_restart_flag_quic_enable_zero_rtt_for_tls_v2, true) QUIC_FLAG(FLAGS_quic_restart_flag_quic_offload_pacing_to_usps2, false) QUIC_FLAG(FLAGS_quic_restart_flag_quic_session_tickets_always_enabled, true) QUIC_FLAG(FLAGS_quic_restart_flag_quic_support_release_time_for_gso, false)
diff --git a/quic/core/quic_session.cc b/quic/core/quic_session.cc index bdc9ef5..fd41059 100644 --- a/quic/core/quic_session.cc +++ b/quic/core/quic_session.cc
@@ -1096,8 +1096,7 @@ void QuicSession::OnConfigNegotiated() { // In versions with TLS, the configs will be set twice if 0-RTT is available. // In the second config setting, 1-RTT keys are guaranteed to be available. - if (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2) && - version().UsesTls() && is_configured_ && + if (version().UsesTls() && is_configured_ && connection_->encryption_level() != ENCRYPTION_FORWARD_SECURE) { QUIC_BUG << ENDPOINT @@ -1296,8 +1295,7 @@ // Or if this session is configured on TLS enabled QUIC versions, // attempt to retransmit 0-RTT data if there's any. if (connection_->version().AllowsLowFlowControlLimits() || - (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2) && - version().UsesTls())) { + version().UsesTls()) { OnCanWrite(); } }
diff --git a/quic/core/quic_versions.cc b/quic/core/quic_versions.cc index a189e26..97e2194 100644 --- a/quic/core/quic_versions.cc +++ b/quic/core/quic_versions.cc
@@ -593,7 +593,6 @@ void QuicVersionInitializeSupportForIetfDraft() { // Enable necessary flags. - SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); } void QuicEnableVersion(const ParsedQuicVersion& version) {
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc index 19fdab5..807f49e 100644 --- a/quic/core/tls_client_handshaker_test.cc +++ b/quic/core/tls_client_handshaker_test.cc
@@ -178,7 +178,6 @@ server_id_(kServerHostname, kServerPort, false), server_compressed_certs_cache_( QuicCompressedCertsCache::kQuicCompressedCertsCacheSize) { - SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); crypto_config_ = std::make_unique<QuicCryptoClientConfig>( std::make_unique<TestProofVerifier>(), std::make_unique<test::SimpleSessionCache>());
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc index 39da4a7..c12caa5 100644 --- a/quic/core/tls_server_handshaker.cc +++ b/quic/core/tls_server_handshaker.cc
@@ -536,7 +536,6 @@ // FinishHandshake, we don't have any confirmation that the client is live, // so all end of handshake processing is deferred until the handshake is // actually complete. - QUIC_RESTART_FLAG_COUNT(quic_enable_zero_rtt_for_tls_v2); return; } if (!valid_alpn_received_) {
diff --git a/quic/core/tls_server_handshaker_test.cc b/quic/core/tls_server_handshaker_test.cc index 66cdd79..fbec255 100644 --- a/quic/core/tls_server_handshaker_test.cc +++ b/quic/core/tls_server_handshaker_test.cc
@@ -138,7 +138,6 @@ QuicCompressedCertsCache::kQuicCompressedCertsCacheSize), server_id_(kServerHostname, kServerPort, false), supported_versions_({GetParam().version}) { - SetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2, true); SetQuicFlag(FLAGS_quic_disable_server_tls_resumption, GetParam().disable_resumption); client_crypto_config_ = std::make_unique<QuicCryptoClientConfig>(