commit a45ee8af4158539753b62f9a63c5bec894582e91
author fayang <fayang@google.com> Fri Mar 20 08:56:11 2020 -0700
committer Copybara-Service <copybara-worker@google.com> Fri Mar 20 08:56:52 2020 -0700
tree 04c9f58c3e0110c15e5610f79cd114c3834a8d10
parent b885a12eaaed1dbea70542be9dfac3b7a47b4ff8

gfe-relnote: In QUIC, send H3 SETTINGs once 1-RTT write key is available (instead of both keys are available). Protected by gfe2_restart_flag_quic_send_settings_on_write_key_available.

PiperOrigin-RevId: 302036759
Change-Id: If883b658e4a394ed8e72f200f544809979ebabea

quic/core/tls_server_handshaker.cc

diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 715a200..e10c067 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -276,6 +276,23 @@
   return true;
 }
 
+void TlsServerHandshaker::SetWriteSecret(
+    EncryptionLevel level,
+    const SSL_CIPHER* cipher,
+    const std::vector<uint8_t>& write_secret) {
+  if (GetQuicRestartFlag(quic_send_settings_on_write_key_available) &&
+      level == ENCRYPTION_FORWARD_SECURE) {
+    encryption_established_ = true;
+    // Fill crypto_negotiated_params_:
+    const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
+    if (cipher) {
+      crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
+    }
+    crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
+  }
+  TlsHandshaker::SetWriteSecret(level, cipher, write_secret);
+}
+
 void TlsServerHandshaker::FinishHandshake() {
   if (!valid_alpn_received_) {
     QUIC_DLOG(ERROR)
@@ -290,15 +307,19 @@
   QUIC_LOG(INFO) << "Server: handshake finished";
   state_ = STATE_HANDSHAKE_COMPLETE;
 
-  encryption_established_ = true;
+  if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) {
+    encryption_established_ = true;
+  }
   one_rtt_keys_available_ = true;
 
-  // Fill crypto_negotiated_params_:
   const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
-  if (cipher) {
-    crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
+  if (!GetQuicRestartFlag(quic_send_settings_on_write_key_available)) {
+    // Fill crypto_negotiated_params_:
+    if (cipher) {
+      crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
+    }
+    crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
   }
-  crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
 
   if (!app_data_read_secret_.empty()) {
     if (!SetReadSecret(ENCRYPTION_FORWARD_SECURE, cipher,