Configure renegotiations on, then disable after the handshake.

Configure renegotiations on, then disable after the handshake.

Instead we were starting them out off and then enabling after the
handshake if necessary. This is identical, but Chromium is BoringSSL's
only consumer which switches renegotiations from off to on
post-handshake. If we forbid that, then a future optimization to drop
configuration state post-handshake becomes simpler. See the associated
BoringSSL bug.

Tested manually against hacked up renegotiating HTTP/1.1 and HTTP/2
servers.

BUG=boringssl:123
Review-Url: https://codereview.chromium.org/2698113002
Cr-Commit-Position: refs/heads/master@{#451033}
Committed: https://chromium.googlesource.com/chromium/src/+/971a681af516fec7a031820a9cc2063872c61e9b

[davidben, 2017-02-16 00:36:45]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2017-02-16 00:38:05]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[davidben, 2017-02-16 00:38:26]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[davidben, 2017-02-16 00:38:45]

Description was changed from

==========
Configure renegotiations on, then disable after the handshake.

Instead we were starting them out off and then enabling after the
handshake if necessary. This is identical, but Chromium is BoringSSL's
only consumer which switches renegotiations from off to on
post-handshake. If we forbid that, then a future optimization to drop
configuration state post-handshake becomes simpler. See the associated
BoringSSL bug.

BUG=boringssl:123
==========

to

==========
Configure renegotiations on, then disable after the handshake.

Instead we were starting them out off and then enabling after the
handshake if necessary. This is identical, but Chromium is BoringSSL's
only consumer which switches renegotiations from off to on
post-handshake. If we forbid that, then a future optimization to drop
configuration state post-handshake becomes simpler. See the associated
BoringSSL bug.

Tested manually against hacked up renegotiating HTTP/1.1 and HTTP/2
servers.

BUG=boringssl:123
==========

[davidben, 2017-02-16 00:39:00]

davidben@chromium.org changed reviewers:
+ svaldez@chromium.org

[commit-bot: I haz the power, 2017-02-16 00:39:16]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-16 01:51:52]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2017-02-16 01:51:53]

Dry run: Try jobs failed on following builders:
  ios-simulator on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)

[svaldez, 2017-02-16 16:56:00]

The CQ bit was checked by svaldez@chromium.org

[svaldez, 2017-02-16 16:56:00]

lgtm

[commit-bot: I haz the power, 2017-02-16 16:56:43]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2017-02-16 18:57:51]

CQ is committing da patch.

Bot data: {"patchset_id": 20001, "attempt_start_ts": 1487264160175840,
"parent_rev": "47f1fb204582c356c19ab85a296e0dab790fb80c", "commit_rev":
"971a681af516fec7a031820a9cc2063872c61e9b"}

[commit-bot: I haz the power, 2017-02-16 18:58:30]

Description was changed from

==========
Configure renegotiations on, then disable after the handshake.

Instead we were starting them out off and then enabling after the
handshake if necessary. This is identical, but Chromium is BoringSSL's
only consumer which switches renegotiations from off to on
post-handshake. If we forbid that, then a future optimization to drop
configuration state post-handshake becomes simpler. See the associated
BoringSSL bug.

Tested manually against hacked up renegotiating HTTP/1.1 and HTTP/2
servers.

BUG=boringssl:123
==========

to

==========
Configure renegotiations on, then disable after the handshake.

Instead we were starting them out off and then enabling after the
handshake if necessary. This is identical, but Chromium is BoringSSL's
only consumer which switches renegotiations from off to on
post-handshake. If we forbid that, then a future optimization to drop
configuration state post-handshake becomes simpler. See the associated
BoringSSL bug.

Tested manually against hacked up renegotiating HTTP/1.1 and HTTP/2
servers.

BUG=boringssl:123

Review-Url: https://codereview.chromium.org/2698113002
Cr-Commit-Position: refs/heads/master@{#451033}
Committed:
https://chromium.googlesource.com/chromium/src/+/971a681af516fec7a031820a9cc2...
==========

[commit-bot: I haz the power, 2017-02-16 18:58:31]

Committed patchset #2 (id:20001) as
https://chromium.googlesource.com/chromium/src/+/971a681af516fec7a031820a9cc2...