Chromium Code Reviews
|
|
Chromium Code Reviews
Issue
2712563002:
Update max Token Binding version to 13 (Closed)
DescriptionUpdate max Token Binding version to 13
Drafts 10 thru 13 of Token Binding are all wire compatible, so we can advertise support for draft 13 in Chrome without breaking support with existing servers (or any other code changes than the max version). More importantly, by advertising support for draft 13, we can update servers to only accept draft 13. M56 (which only does draft 10) has a bug where if both TLS 1.3 and Token Binding are enabled and it makes a connection to a server which supports both, the connection fails. Token Binding is turned off in M56, but unofficial builds that weren't built with fieldtrial_testing_like_official_build set properly enabled all experiments, resulting in builds enabling both TLS 1.3 and Token Binding, and hitting this bug.
BUG=693943
Review-Url: https://codereview.chromium.org/2712563002
Cr-Commit-Position: refs/heads/master@{#452178}
Committed: https://chromium.googlesource.com/chromium/src/+/96d085c8adbd2092696fdc6c622d61a23d5de0bf
Patch Set 1 #
Messages
Total messages: 25 (16 generated)
nharper@chromium.org changed reviewers: + davidben@chromium.org
lgtm. Could you elaborate a little more on what's going on here? (Specifically that we're bumping the TB version so that servers can speak TLS-1.3-draft-18 and TB-draft-13 without hitting M56 + TLS-1.3-draft-18 + TB-draft-10 + unofficial-build woes.)
On 2017/02/21 23:00:52, davidben wrote: > lgtm. > > Could you elaborate a little more on what's going on here? (Specifically that > we're bumping the TB version so that servers can speak TLS-1.3-draft-18 and > TB-draft-13 without hitting M56 + TLS-1.3-draft-18 + TB-draft-10 + > unofficial-build woes.) (In the commit message, that is.)
Description was changed from ========== Update max Token Binding version to 13 BUG=693943 ========== to ========== Update max Token Binding version to 13 Drafts 10 thru 13 of Token Binding are all wire compatible, so we can advertise support for draft 13 in Chrome without breaking support with existing servers (or any other code changes than the max version). More importantly, by advertising support for draft 13, we can update servers to only accept draft 13. M56 (which only does draft 10) has a bug where if both TLS 1.3 and Token Binding are enabled and it makes a connection to a server which supports both, the connection fails. Token Binding is turned off in M56, but unofficial builds that weren't built with fieldtrial_testing_like_official_build set properly enabled all experiments, resulting in builds enabling both TLS 1.3 and Token Binding, and hitting this bug. BUG=693943 ==========
The CQ bit was checked by nharper@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromeos_amd64-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_chromeos_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_compile_dbg_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_tsan_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL)
The CQ bit was checked by nharper@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Try jobs failed on following builders: chromeos_amd64-generic_chromium_compile_only_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) chromium_presubmit on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_chromeos_ozone_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_compile_dbg_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL) linux_chromium_tsan_rel_ng on master.tryserver.chromium.linux (JOB_TIMED_OUT, no build URL)
The CQ bit was checked by nharper@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by nharper@chromium.org
The CQ bit was checked by nharper@chromium.org to run a CQ dry run
Dry run: CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
The CQ bit was unchecked by commit-bot@chromium.org
Dry run: This issue passed the CQ dry run.
The CQ bit was checked by nharper@chromium.org
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...
CQ is committing da patch.
Bot data: {"patchset_id": 1, "attempt_start_ts": 1487793679423870, "parent_rev":
"0e5ce3e075b6bdde16328a4f280a1f8ba8621a2f", "commit_rev":
"96d085c8adbd2092696fdc6c622d61a23d5de0bf"}
Message was sent while issue was closed.
Description was changed from ========== Update max Token Binding version to 13 Drafts 10 thru 13 of Token Binding are all wire compatible, so we can advertise support for draft 13 in Chrome without breaking support with existing servers (or any other code changes than the max version). More importantly, by advertising support for draft 13, we can update servers to only accept draft 13. M56 (which only does draft 10) has a bug where if both TLS 1.3 and Token Binding are enabled and it makes a connection to a server which supports both, the connection fails. Token Binding is turned off in M56, but unofficial builds that weren't built with fieldtrial_testing_like_official_build set properly enabled all experiments, resulting in builds enabling both TLS 1.3 and Token Binding, and hitting this bug. BUG=693943 ========== to ========== Update max Token Binding version to 13 Drafts 10 thru 13 of Token Binding are all wire compatible, so we can advertise support for draft 13 in Chrome without breaking support with existing servers (or any other code changes than the max version). More importantly, by advertising support for draft 13, we can update servers to only accept draft 13. M56 (which only does draft 10) has a bug where if both TLS 1.3 and Token Binding are enabled and it makes a connection to a server which supports both, the connection fails. Token Binding is turned off in M56, but unofficial builds that weren't built with fieldtrial_testing_like_official_build set properly enabled all experiments, resulting in builds enabling both TLS 1.3 and Token Binding, and hitting this bug. BUG=693943 Review-Url: https://codereview.chromium.org/2712563002 Cr-Commit-Position: refs/heads/master@{#452178} Committed: https://chromium.googlesource.com/chromium/src/+/96d085c8adbd2092696fdc6c622d... ==========
Message was sent while issue was closed.
Committed patchset #1 (id:1) as https://chromium.googlesource.com/chromium/src/+/96d085c8adbd2092696fdc6c622d... |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
