Tracking bug for changes we need to do in Chromium for TLS 1.3.
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/99ce6308c09c342dbf6cdabda0bdbc1452ee036d

commit 99ce6308c09c342dbf6cdabda0bdbc1452ee036d
Author: davidben <davidben@chromium.org>
Date: Wed Nov 09 17:30:28 2016

Don't maintain a second level of timeouts.

This second level of timeouts is not maintained correctly in the case of TLS 1.2 ticket renewals. BoringSSL does not extend ticket lifetimes on ticket renewals because the master secret is unchanged, but BoringSSL's default is two hours, while SSLClientSessionCache uses one hour. This meant that TLS 1.2 ticket renewals currently extend the one hour lifetime up to a two hour non-renewable lifetime. This makes no sense.

Instead, have SSLClientSessionCache query SSL_SESSION timeout fields. Then configure the SSL_CTX to match the old timeout to preserve the existing behavior. (Though I suspect one vs two hours isn't a big difference and we could just leave it at BoringSSL defaults.)

Do this both to fix our TLS 1.2 ticket renewal policy and prepare for TLS 1.3 which will involve a more complex timeout policy. (Resumptions do an ECDH and renewals incorporate that key material, so longer and renewable lifetimes make sense, but we will still need a non-renewable timeout for when we require a fresh signature.)

BUG=630147
Review-Url: https://codereview.chromium.org/2480813002
Cr-Commit-Position: refs/heads/master@{#430961}

[modify] https://crrev.com/99ce6308c09c342dbf6cdabda0bdbc1452ee036d/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/99ce6308c09c342dbf6cdabda0bdbc1452ee036d/net/ssl/ssl_client_session_cache.cc
[modify] https://crrev.com/99ce6308c09c342dbf6cdabda0bdbc1452ee036d/net/ssl/ssl_client_session_cache.h
[modify] https://crrev.com/99ce6308c09c342dbf6cdabda0bdbc1452ee036d/net/ssl/ssl_client_session_cache_unittest.cc
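The timeout interaction described in the commit message above, as an added example that is not Chromium or BoringSSL code. It is a constructed model: the types `Session`, `TwoLevelCache`, `SingleLevelCache` and the function `LastResumption` are hypothetical names, and only the one-hour and two-hour values come from the commit message.

```cpp
#include <cstdint>
#include <cstdio>
// Constructed model (not Chromium or BoringSSL code). Times are in seconds.
constexpr int64_t kLibraryTimeout = 2 * 60 * 60;  // library default named in the commit
constexpr int64_t kCacheTimeout = 1 * 60 * 60;    // cache limit named in the commit

struct Session {
  int64_t issued;   // when the master secret was established
  int64_t timeout;  // lifetime the TLS library attached to the session
};

// The library's own, non-renewable check on the session.
bool LibraryAccepts(const Session& s, int64_t now) { return now < s.issued + s.timeout; }

// Before: the cache keeps a second timeout that restarts on every insert.
struct TwoLevelCache {
  Session session;
  int64_t inserted;
  void Insert(const Session& s, int64_t now) { session = s; inserted = now; }
  bool Lookup(int64_t now) const {
    return now < inserted + kCacheTimeout && LibraryAccepts(session, now);
  }
};

// After: the cache asks the session itself; there is no second clock.
struct SingleLevelCache {
  Session session;
  void Insert(const Session& s, int64_t) { session = s; }
  bool Lookup(int64_t now) const { return LibraryAccepts(session, now); }
};

// Resumes every `interval` seconds. Each success renews the ticket: `issued` is
// unchanged (same master secret) but the session is re-inserted into the cache.
template <typename Cache>
int64_t LastResumption(Cache cache, int64_t session_timeout, int64_t interval) {
  const Session s{0, session_timeout};
  cache.Insert(s, 0);
  int64_t last = 0;  // time of the last successful resumption
  for (int64_t now = interval; now <= 4 * 60 * 60 && cache.Lookup(now); now += interval) {
    cache.Insert(s, now);
    last = now;
  }
  return last;
}

int main() {
  std::printf("%lld %lld\n", (long long)LastResumption(TwoLevelCache{}, kLibraryTimeout, 1800),
              (long long)LastResumption(SingleLevelCache{}, kCacheTimeout, 1800));
}
```

With resumptions every 30 minutes, the two-level cache keeps resuming past its nominal one-hour limit until the library's two-hour bound cuts it off, while the single-level cache with the session timeout set to one hour stops at the intended limit.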
Issue 807276 has been merged into this issue.
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/f27cb7faf5b40e0c8b6f805bba47414da7ec4171

commit f27cb7faf5b40e0c8b6f805bba47414da7ec4171
Author: Steven Valdez <svaldez@chromium.org>
Date: Tue Aug 21 18:34:33 2018

Add TLS 1.3 Final variant flags.

Bug: 630147
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: I3a7c751403c53a4222ed006cad5a08741a2b1e0b
Reviewed-on: https://chromium-review.googlesource.com/1172504
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Gabriel Charette <gab@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Helen Li <xunjieli@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#584856}

[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/browser/about_flags.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/browser/flag_descriptions.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/browser/flag_descriptions.h
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/browser/prefs/chrome_command_line_pref_store_ssl_manager_unittest.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/browser/ssl/ssl_config_service_manager_pref.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/browser/ssl/ssl_config_service_manager_pref_unittest.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/common/chrome_switches.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/common/chrome_switches.h
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/chrome/common/pref_names.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/net/ssl/ssl_config.h
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/services/network/public/mojom/ssl_config.mojom
[modify] https://crrev.com/f27cb7faf5b40e0c8b6f805bba47414da7ec4171/services/network/ssl_config_type_converter.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/eb3d26ae1efe4b239bbe197f7e029566c2535d97

commit eb3d26ae1efe4b239bbe197f7e029566c2535d97
Author: Steven Valdez <svaldez@chromium.org>
Date: Sat Sep 08 22:48:33 2018

Remove TLS 1.3 draft28.

Bug: 630147
Cq-Include-Trybots: luci.chromium.try:linux_mojo
Change-Id: Iea23b013ad1a2119e964ab5f60d8c9866f23e2c1
Reviewed-on: https://chromium-review.googlesource.com/1213929
Reviewed-by: Ryan Sleevi <rsleevi@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Reviewed-by: Matt Menke <mmenke@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Commit-Queue: Ryan Sleevi <rsleevi@chromium.org>
Cr-Commit-Position: refs/heads/master@{#589788}

[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/browser/about_flags.cc
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/browser/flag_descriptions.cc
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/browser/flag_descriptions.h
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/browser/ssl/ssl_config_service_manager_pref.cc
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/browser/ssl/ssl_config_service_manager_pref_unittest.cc
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/common/chrome_switches.cc
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/common/chrome_switches.h
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/chrome/common/pref_names.cc
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/net/ssl/ssl_config.h
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/services/network/public/mojom/ssl_config.mojom
[modify] https://crrev.com/eb3d26ae1efe4b239bbe197f7e029566c2535d97/services/network/ssl_config_type_converter.cc
The following revision refers to this bug:
https://chromium.googlesource.com/chromium/src.git/+/0ef94d0c12e1fff886b4434d14d827ad7cad2454

commit 0ef94d0c12e1fff886b4434d14d827ad7cad2454
Author: Steven Valdez <svaldez@chromium.org>
Date: Mon Nov 19 23:28:13 2018

Enable TLS 1.3 by default.

Bug: 630147
Change-Id: I20541f77c7e9e8d5a0085452d2a883e24563083c
Reviewed-on: https://chromium-review.googlesource.com/c/1330069
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Reviewed-by: Adam Langley <agl@chromium.org>
Reviewed-by: Ilya Sherman <isherman@chromium.org>
Reviewed-by: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#609504}

[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/chrome/browser/extensions/api/socket/tls_socket_unittest.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/chrome/browser/ssl/security_state_tab_helper_browsertest.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/extensions/browser/api/socket/tcp_socket.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/net/http/http_network_transaction_unittest.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/net/socket/socket_test_util.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/net/socket/ssl_client_socket_pool_unittest.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/net/socket/ssl_server_socket_unittest.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/net/ssl/ssl_config.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/net/url_request/url_request_unittest.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/services/network/public/mojom/ssl_config.mojom
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/services/network/public/mojom/tls_socket.mojom
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/services/network/ssl_config_type_converter.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/services/network/url_loader_unittest.cc
[modify] https://crrev.com/0ef94d0c12e1fff886b4434d14d827ad7cad2454/testing/variations/fieldtrial_testing_config.json
Comment 1 by davidben@chromium.org, Jul 21 2016