Google Git
Sign in
quiche/quiche/fcff95775f7377197b50f76e5bbfe8b33f35f3d5^!/.
commit
fcff95775f7377197b50f76e5bbfe8b33f35f3d5
[log]
author
dschinazi <dschinazi@google.com>
Mon Sep 21 18:14:11 2020 -0700
committer
Copybara-Service <copybara-worker@google.com>
Mon Sep 21 18:14:39 2020 -0700
tree
9b865a12269f461899967281974fb4c926b8c696
parent
9aaca9690a86b71dc7790c0489d5b11b41cbede5 [diff]
Fix key_update_not_yet_supported for older clients

I forgot to add this while writing cl/326322311. This CL does not impact existing behavior because we currently do not act on key_update_not_yet_supported at all.

PiperOrigin-RevId: 332979101
Change-Id: I74bb90cc600b48567ad42a0836fa373982499d4a

diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index fcbc7cd..51ff77d 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc

@@ -291,6 +291,19 @@
   // Notify QuicConnectionDebugVisitor.
   session()->connection()->OnTransportParametersReceived(client_params);
 
+  // Chrome clients before 86.0.4233.0 did not send the
+  // key_update_not_yet_supported transport parameter, but they did send a
+  // Google-internal transport parameter with identifier 0x4751. We treat
+  // reception of 0x4751 as having received key_update_not_yet_supported to
+  // ensure we do not use key updates with those older clients.
+  // TODO(dschinazi) remove this workaround once all of our QUIC+TLS Finch
+  // experiments have a min_version greater than 86.0.4233.0.
+  if (client_params.custom_parameters.find(
+          static_cast<TransportParameters::TransportParameterId>(0x4751)) !=
+      client_params.custom_parameters.end()) {
+    client_params.key_update_not_yet_supported = true;
+  }
+
   // When interoperating with non-Google implementations that do not send
   // the version extension, set it to what we expect.
   if (client_params.version == 0) {