Chromium Code Reviews

Unified Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 1404053002: relnote: Disables strike register lookups when talking QUIC_VERSION_27 (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@Remove_unused_supported_versions_103964623
Patch Set: Use a smaller cert and delete the TODO Created 5 years, 2 months ago
Index: net/quic/crypto/quic_crypto_server_config.cc
diff --git a/net/quic/crypto/quic_crypto_server_config.cc b/net/quic/crypto/quic_crypto_server_config.cc
index a4f28d959fbeef6f9ecf19ae44ecaf7fea2f97bf..173e98080920e548f39e9ba7d5ce881b973819b7 100644
--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -1040,13 +1040,27 @@ void QuicCryptoServerConfig::EvaluateClientHello(
found_error = true;
}
+ // Server nonce is optional, and used for key derivation if present.
+ client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
+
+ if (version > QUIC_VERSION_26) {
+ DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_27 and higher.";
+ // If the server nonce is empty and we're requiring handshake confirmation
+ // for DoS reasons then we must reject the CHLO.
+ if (FLAGS_quic_require_handshake_confirmation &&
+ info->server_nonce.empty()) {
+ info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
+ }
+ helper.ValidationComplete(QUIC_NO_ERROR, "");
+ return;
+ }
+
if (!replay_protection_) {
DVLOG(1) << "No replay protection.";
helper.ValidationComplete(QUIC_NO_ERROR, "");
return;
}
- client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce);
if (!info->server_nonce.empty()) {
// If the server nonce is present, use it to establish uniqueness.
HandshakeFailureReason server_nonce_error =
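Review bot: In the new "version > QUIC_VERSION_26" branch, a non-empty info->server_nonce is accepted without any validation. The branch only tests server_nonce.empty() under FLAGS_quic_require_handshake_confirmation and then returns through helper.ValidationComplete(QUIC_NO_ERROR, ""), so the check in the trailing context ("If the server nonce is present, use it to establish uniqueness") is never reached for these versions. If that is intended because the nonce now only feeds key derivation, state it in the comment at the top of the branch; otherwise validate the nonce before the early return. Two smaller points: the reason it is acceptable to drop 0-RTT replay protection for QUIC_VERSION_27 and higher is only hinted at in a DVLOG string and deserves a code comment, and the moved GetStringPiece(kServerNonceTag, ...) call now also runs when replay_protection_ is false, which should be confirmed as harmless for that path.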