Discard 0-RTT keys after installing 1-RTT keys. Client side only. Protected by FLAGS_quic_reloadable_flag_quic_postpone_discarding_zero_rtt_keys. PiperOrigin-RevId: 333074291 Change-Id: Ia8abcdde84579c0c8a01d262e476d56ea2e754da
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index 9c316a7..ba3f9d4 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -386,10 +386,16 @@
 if (level == ENCRYPTION_FORWARD_SECURE || level == ENCRYPTION_ZERO_RTT) {
 encryption_established_ = true;
 }
- if (level == ENCRYPTION_FORWARD_SECURE) {
+ const bool postpone_discarding_zero_rtt_keys =
+ GetQuicReloadableFlag(quic_postpone_discarding_zero_rtt_keys);
+ if (!postpone_discarding_zero_rtt_keys &&
+ level == ENCRYPTION_FORWARD_SECURE) {
 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_ZERO_RTT);
 }
 TlsHandshaker::SetWriteSecret(level, cipher, write_secret);
+ if (postpone_discarding_zero_rtt_keys && level == ENCRYPTION_FORWARD_SECURE) {
+ handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_ZERO_RTT);
+ }
 }
 
 void TlsClientHandshaker::OnHandshakeConfirmed() {
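Review bot: Neither discard site says why its position relative to `TlsHandshaker::SetWriteSecret` matters, so when the flag is later removed a cleanup could move the call back above the install without anyone noticing. I would put a comment on the new post-install block, for example `// Drop 0-RTT keys only after the 1-RTT write secret is installed, so an application-data encrypter is always available.`; that rationale is inferred from the commit title and should be confirmed by the author. Reading the flag once into `postpone_discarding_zero_rtt_keys` keeps the two branches mutually exclusive within a call, which is the right shape. If the flag-enabled path is not counted elsewhere, a `QUIC_RELOADABLE_FLAG_COUNT(quic_postpone_discarding_zero_rtt_keys);` inside the new branch would make rollout observable. The enclosing function starts above the hunk, so whether it can be entered more than once with ENCRYPTION_FORWARD_SECURE is not visible here.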