Deprecate --gfe2_reloadable_flag_quic_tls_retry_handshake_on_early_data.
PiperOrigin-RevId: 381883439
diff --git a/quic/core/quic_flags_list.h b/quic/core/quic_flags_list.h
index 52326af..e39c60d 100644
--- a/quic/core/quic_flags_list.h
+++ b/quic/core/quic_flags_list.h
@@ -23,8 +23,6 @@
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_enable_mtu_discovery_at_server, false)
// If true, QuicGsoBatchWriter will support release time if it is available and the process has the permission to do so.
QUIC_FLAG(FLAGS_quic_restart_flag_quic_support_release_time_for_gso, false)
-// If true, TlsHandshaker::AdvanceHandshake will retry SSL_do_handshake when entered early data.
-QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_tls_retry_handshake_on_early_data, true)
// If true, abort async QPACK header decompression in QuicSpdyStream::Reset() and in QuicSpdyStream::OnStreamReset().
QUIC_FLAG(FLAGS_quic_reloadable_flag_quic_abort_qpack_on_stream_reset, true)
// If true, ack frequency frame can be sent from server to client.
diff --git a/quic/core/tls_client_handshaker.cc b/quic/core/tls_client_handshaker.cc
index ab8ba64..23a7955 100644
--- a/quic/core/tls_client_handshaker.cc
+++ b/quic/core/tls_client_handshaker.cc
@@ -444,22 +444,8 @@
void TlsClientHandshaker::FinishHandshake() {
FillNegotiatedParams();
- if (retry_handshake_on_early_data_) {
- QUICHE_CHECK(!SSL_in_early_data(ssl()));
- } else {
- if (SSL_in_early_data(ssl())) {
- // SSL_do_handshake returns after sending the ClientHello if the session
- // is 0-RTT-capable, which means that FinishHandshake will get called
- // twice - the first time after sending the ClientHello, and the second
- // time after the handshake is complete. If we're in the first time
- // FinishHandshake is called, we can't do any end-of-handshake processing.
+ QUICHE_CHECK(!SSL_in_early_data(ssl()));
- // If we're attempting a 0-RTT handshake, then we need to let the
- // transport and application know what state to apply to early data.
- PrepareZeroRttConfig(cached_state_.get());
- return;
- }
- }
QUIC_LOG(INFO) << "Client: handshake finished";
std::string error_details;
@@ -518,7 +504,6 @@
}
void TlsClientHandshaker::OnEnterEarlyData() {
- QUICHE_DCHECK(retry_handshake_on_early_data_);
QUICHE_DCHECK(SSL_in_early_data(ssl()));
// TODO(wub): It might be unnecessary to FillNegotiatedParams() at this time,
diff --git a/quic/core/tls_client_handshaker_test.cc b/quic/core/tls_client_handshaker_test.cc
index 8365f63..4bbb4ed 100644
--- a/quic/core/tls_client_handshaker_test.cc
+++ b/quic/core/tls_client_handshaker_test.cc
@@ -458,13 +458,6 @@
proof_verifier->InvokePendingCallback(0);
QuicFramer* framer = QuicConnectionPeer::GetFramer(connection_);
- if (!GetQuicReloadableFlag(quic_tls_retry_handshake_on_early_data)) {
- // Client does not have HANDSHAKE key due to b/186438140.
- EXPECT_EQ(nullptr,
- QuicFramerPeer::GetEncrypter(framer, ENCRYPTION_HANDSHAKE));
- return;
- }
-
// Verify client has derived HANDSHAKE key.
EXPECT_NE(nullptr,
QuicFramerPeer::GetEncrypter(framer, ENCRYPTION_HANDSHAKE));
diff --git a/quic/core/tls_handshaker.cc b/quic/core/tls_handshaker.cc
index 3e81210..4b2d717 100644
--- a/quic/core/tls_handshaker.cc
+++ b/quic/core/tls_handshaker.cc
@@ -109,8 +109,7 @@
// processed. Retry SSL_do_handshake once will advance the handshake more in
// that case. If there are no unprocessed ServerHello, the retry will return a
// non-positive number.
- if (retry_handshake_on_early_data_ && rv == 1 && SSL_in_early_data(ssl())) {
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_tls_retry_handshake_on_early_data, 1, 2);
+ if (rv == 1 && SSL_in_early_data(ssl())) {
OnEnterEarlyData();
rv = SSL_do_handshake(ssl());
QUIC_VLOG(1) << ENDPOINT
diff --git a/quic/core/tls_handshaker.h b/quic/core/tls_handshaker.h
index 3bfdac6..e88e7a6 100644
--- a/quic/core/tls_handshaker.h
+++ b/quic/core/tls_handshaker.h
@@ -71,12 +71,8 @@
bool is_connection_closed() const { return is_connection_closed_; }
// Called when |SSL_do_handshake| returns 1, indicating that the handshake has
- // finished. Note that due to 0-RTT, the handshake may "finish" twice;
- // |SSL_in_early_data| can be used to determine whether the handshake is truly
- // done.
- // TODO(wub): When --quic_tls_retry_handshake_on_early_data is true, this
- // function will only be called once when the handshake actually finishes.
- // Update comment when deprecating the flag.
+ // finished. Note that a handshake only finishes once, entering early data
+ // does not count.
virtual void FinishHandshake() = 0;
// Called when |SSL_do_handshake| returns 1 and the connection is in early
@@ -84,7 +80,6 @@
// retry |SSL_do_handshake| once.
virtual void OnEnterEarlyData() {
// By default, do nothing but check the preconditions.
- QUICHE_DCHECK(retry_handshake_on_early_data_);
QUICHE_DCHECK(SSL_in_early_data(ssl()));
}
@@ -168,9 +163,6 @@
// error code corresponding to the TLS alert description |desc|.
void SendAlert(EncryptionLevel level, uint8_t desc) override;
- const bool retry_handshake_on_early_data_ =
- GetQuicReloadableFlag(quic_tls_retry_handshake_on_early_data);
-
private:
// ProofVerifierCallbackImpl handles the result of an asynchronous certificate
// verification operation.
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 7923732..ab17ac2 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -517,21 +517,8 @@
}
void TlsServerHandshaker::FinishHandshake() {
- if (retry_handshake_on_early_data_) {
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_tls_retry_handshake_on_early_data, 2, 2);
- QUICHE_DCHECK(!SSL_in_early_data(ssl()));
- } else {
- if (SSL_in_early_data(ssl())) {
- // If the server accepts early data, SSL_do_handshake returns success
- // twice: once after processing the ClientHello and sending the server's
- // first flight, and then again after the handshake is complete. This
- // results in FinishHandshake getting called twice. On the first call to
- // FinishHandshake, we don't have any confirmation that the client is
- // live, so all end of handshake processing is deferred until the
- // handshake is actually complete.
- return;
- }
- }
+ QUICHE_DCHECK(!SSL_in_early_data(ssl()));
+
if (!valid_alpn_received_) {
QUIC_DLOG(ERROR)
<< "Server: handshake finished without receiving a known ALPN";