Fix key_update_not_yet_supported for older clients
I forgot to add this while writing cl/326322311. This CL does not impact existing behavior because we currently do not act on key_update_not_yet_supported at all.
PiperOrigin-RevId: 332979101
Change-Id: I74bb90cc600b48567ad42a0836fa373982499d4a
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index fcbc7cd..51ff77d 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -291,6 +291,19 @@
// Notify QuicConnectionDebugVisitor.
session()->connection()->OnTransportParametersReceived(client_params);
+ // Chrome clients before 86.0.4233.0 did not send the
+ // key_update_not_yet_supported transport parameter, but they did send a
+ // Google-internal transport parameter with identifier 0x4751. We treat
+ // reception of 0x4751 as having received key_update_not_yet_supported to
+ // ensure we do not use key updates with those older clients.
+ // TODO(dschinazi) remove this workaround once all of our QUIC+TLS Finch
+ // experiments have a min_version greater than 86.0.4233.0.
+ if (client_params.custom_parameters.find(
+ static_cast<TransportParameters::TransportParameterId>(0x4751)) !=
+ client_params.custom_parameters.end()) {
+ client_params.key_update_not_yet_supported = true;
+ }
+
// When interoperating with non-Google implementations that do not send
// the version extension, set it to what we expect.
if (client_params.version == 0) {
