
Issue 641225

Starred by 10 users

Issue metadata

Status: Assigned
Owner:
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug

Blocked on:
issue boringssl:76

Blocking:
issue 630147




0-RTT for TLS 1.3 over TCP

Project Member Reported by davidben@chromium.org, Aug 26 2016

Issue description

From chatting with mmenke@, particularly due to the ALPN-swapping hilarity, probably the way to go here is to have HttpStream spit out a special ERR_EARLY_DATA_REJECTED error code which signals HttpNetworkTransaction to try again. At the socket layer, once a socket has hit that error and reset itself, it is returned into the socket pool, ready for 1-RTT requests. Then HttpNetworkTransaction's retry will pick it up (or fail to).

The annoying TLS 1.2 0-RTT incompatibility fallback can be implemented by simply mapping the 1.2 ServerHello on 0-RTT offer error to ERR_EARLY_DATA_REJECTED without returning anything to the socket pool.

(Trying to keep continuity between early write and the retry will take a lot of plumbing and isn't worth it since it isn't even possible. Consider the hilarious case where we 0-RTT-predict an HTTP/2 session, attach 20 requests to it, and then the server rejects 0-RTT and says "Nope! Let's speak HTTP/1.1 instead.")
 
Owner: svaldez@chromium.org
Status: Assigned (was: Untriaged)
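
A toy model of the retry flow from the issue description, combined with the safe-method restriction named in the first commit on this bug. It is an added example, not Chromium code: every type and function name except ERR_EARLY_DATA_REJECTED is hypothetical, and the safe-method list is the RFC 7231 one, assumed here.

```cpp
// Hypothetical model of "reject 0-RTT, then retry from scratch". Not Chromium code.
#include <iostream>
#include <string>
#include <vector>

enum Error { OK = 0, ERR_EARLY_DATA_REJECTED = -1 };  // numeric values are placeholders
enum class Server { kAccepts0Rtt, kRejects0Rtt, kTls12Only };  // constructed peers

struct Socket { int id; };
struct Pool { std::vector<Socket> idle; int next_id = 1; };

struct Result {
  int attempts;          // request sends, including the retry
  bool used_early_data;  // the first attempt went out as 0-RTT
  bool reused_socket;    // the retry picked the reset socket up from the pool
};

// RFC 7231 safe methods (assumed list): a replayed copy must not change state.
bool IsSafeMethod(const std::string& m) {
  return m == "GET" || m == "HEAD" || m == "OPTIONS" || m == "TRACE";
}

// Socket layer: one 0-RTT attempt. After a TLS 1.3 rejection the socket resets
// and returns to the pool for 1-RTT use. A TLS 1.2 ServerHello maps to the same
// error, but nothing is returned to the pool.
Error SendEarly(Server s, Socket sock, Pool& pool) {
  if (s == Server::kAccepts0Rtt) return OK;
  if (s == Server::kRejects0Rtt) pool.idle.push_back(sock);
  return ERR_EARLY_DATA_REJECTED;
}

// Transaction layer: on rejection, retry once with no state carried over.
Result RunTransaction(const std::string& method, Server s, Pool& pool) {
  Result r{1, IsSafeMethod(method), false};
  if (!r.used_early_data) return r;  // unsafe method: wait for the full handshake
  if (SendEarly(s, Socket{pool.next_id++}, pool) == OK) return r;
  r.attempts = 2;  // the retry is always a 1-RTT send
  if (!pool.idle.empty()) { pool.idle.pop_back(); r.reused_socket = true; }
  return r;        // otherwise the retry opens a new connection
}

int main() {
  Pool pool;
  Result a = RunTransaction("GET", Server::kRejects0Rtt, pool);
  Result b = RunTransaction("GET", Server::kTls12Only, pool);
  std::cout << "TLS 1.3 reject: attempts=" << a.attempts << " reused=" << a.reused_socket
            << "\nTLS 1.2 peer:   attempts=" << b.attempts << " reused=" << b.reused_socket << "\n";
}
```
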
Project Member

Comment 2 by bugdroid1@chromium.org, Mar 2 2018

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/03e872df9366fffc97112b89ce677f1a33547c28

commit 03e872df9366fffc97112b89ce677f1a33547c28
Author: Steven Valdez <svaldez@chromium.org>
Date: Fri Mar 02 15:39:15 2018

Update 0RTT semantics to only happen on SAFE methods.

Bug: 641225
Cq-Include-Trybots: master.tryserver.chromium.android:android_cronet_tester;master.tryserver.chromium.mac:ios-simulator-cronet
Change-Id: I3d6d153c1e9bf480f3a736fc1cfd8c1cebac8a19
Reviewed-on: https://chromium-review.googlesource.com/934522
Reviewed-by: Misha Efimov <mef@chromium.org>
Reviewed-by: Ryan Hamilton <rch@chromium.org>
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#540522}
[modify] https://crrev.com/03e872df9366fffc97112b89ce677f1a33547c28/components/grpc_support/include/bidirectional_stream_c.h
[modify] https://crrev.com/03e872df9366fffc97112b89ce677f1a33547c28/net/http/http_network_transaction.cc
[modify] https://crrev.com/03e872df9366fffc97112b89ce677f1a33547c28/net/quic/chromium/bidirectional_stream_quic_impl.cc
[modify] https://crrev.com/03e872df9366fffc97112b89ce677f1a33547c28/net/quic/chromium/bidirectional_stream_quic_impl_unittest.cc

Project Member

Comment 3 by bugdroid1@chromium.org, Jul 15

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/6af02df8c643bc7d7be8af0ff9c709368877de46

commit 6af02df8c643bc7d7be8af0ff9c709368877de46
Author: Steven Valdez <svaldez@chromium.org>
Date: Sun Jul 15 21:52:33 2018

Initial SSL/Socket 0RTT changes.

This adds the API to SSLClientSocket but does not yet hook it up
to the rest of the stack.

Bug: 641225
Change-Id: I8694d4e4f92d7e57d32541fcc2b87ed5fb42d075
Reviewed-on: https://chromium-review.googlesource.com/1067639
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/master@{#575189}
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/base/net_error_list.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/log/net_log_event_type_list.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/socket/ssl_client_socket_impl.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/socket/ssl_client_socket_unittest.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/socket/ssl_server_socket_impl.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/socket/stream_socket.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/socket/stream_socket.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/ssl/openssl_ssl_util.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/ssl/ssl_config.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/ssl/ssl_config.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/ssl/ssl_info.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/ssl/ssl_server_config.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/ssl/ssl_server_config.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/test/embedded_test_server/embedded_test_server.cc
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/net/test/embedded_test_server/embedded_test_server.h
[modify] https://crrev.com/6af02df8c643bc7d7be8af0ff9c709368877de46/tools/metrics/histograms/enums.xml

Project Member

Comment 4 by bugdroid1@chromium.org, Nov 9

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e1d42738d3d1dcd9e95956ba1d4adf67558ba27e

commit e1d42738d3d1dcd9e95956ba1d4adf67558ba27e
Author: David Benjamin <davidben@chromium.org>
Date: Fri Nov 09 19:31:34 2018

Add a test for the 0-RTT send limit.

This causes Write to block on the ServerHello, which is a somewhat
interesting I/O pattern.

Bug: 641225
Change-Id: I0faf9783cf027848e832c091032e5cd0efa2ceee
Reviewed-on: https://chromium-review.googlesource.com/c/1285449
Commit-Queue: Steven Valdez <svaldez@chromium.org>
Reviewed-by: Steven Valdez <svaldez@chromium.org>
Cr-Commit-Position: refs/heads/master@{#606930}
[modify] https://crrev.com/e1d42738d3d1dcd9e95956ba1d4adf67558ba27e/net/socket/ssl_client_socket_unittest.cc
