mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Bug 1816952: Add HTTP3 ECH GREASE Pref. r=kershaw,necko-reviewers
This has been tested manually with Wireshark, as we don't have an H3 web server that can signal whether GREASE was added to the ClientHello. Differential Revision: https://phabricator.services.mozilla.com/D170057
parent
641ff896a7
commit
997470442d
@ -13656,6 +13656,12 @@
|
||||
#endif
|
||||
mirror: always
|
||||
|
||||
# Whether to apply ECH GREASE settings to HTTP3/QUIC connections
|
||||
- name: security.tls.ech.grease_http3
|
||||
type: RelaxedAtomicBool
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
# Whether to retry connections without ECH Grease
|
||||
- name: security.tls.ech.disable_grease_on_fallback
|
||||
type: RelaxedAtomicBool
|
||||
|
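Review bot: The comment above `security.tls.ech.grease_http3` does not say that the pref is inert on its own. In this commit's `Http3Session::Init` change, GREASE is only set when the connection has no ECH config and the roll against `security.tls.ech.grease_probability` succeeds, so a probability of 0 leaves HTTP/3 without GREASE even when this pref is true. I would extend the comment to `# Whether to apply ECH GREASE to HTTP3/QUIC connections that have no ECH config. Subject to security.tls.ech.grease_probability.` The neighbouring `security.tls.ech.disable_grease_on_fallback` entry continues past the end of this hunk.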
@ -16,6 +16,7 @@
|
||||
#include "SSLServerCertVerification.h"
|
||||
#include "SSLTokensCache.h"
|
||||
#include "ScopedNSSTypes.h"
|
||||
#include "mozilla/RandomNum.h"
|
||||
#include "mozilla/RefPtr.h"
|
||||
#include "mozilla/Telemetry.h"
|
||||
#include "mozilla/net/DNS.h"
|
||||
@ -171,8 +172,17 @@ nsresult Http3Session::Init(const nsHttpConnectionInfo* aConnInfo,
|
||||
ZeroRttTelemetry(ZeroRttOutcome::NOT_USED);
|
||||
}
|
||||
|
||||
if (gHttpHandler->EchConfigEnabled(true)) {
|
||||
mSocketControl->SetEchConfig(mConnInfo->GetEchConfig());
|
||||
auto config = mConnInfo->GetEchConfig();
|
||||
if (config.IsEmpty()) {
|
||||
if (StaticPrefs::security_tls_ech_grease_http3() && config.IsEmpty()) {
|
||||
if ((RandomUint64().valueOr(0) % 100) >=
|
||||
100 - StaticPrefs::security_tls_ech_grease_probability()) {
|
||||
// Setting an empty config enables GREASE mode.
|
||||
mSocketControl->SetEchConfig(config);
|
||||
}
|
||||
}
|
||||
} else if (gHttpHandler->EchConfigEnabled(true) && !config.IsEmpty()) {
|
||||
mSocketControl->SetEchConfig(config);
|
||||
HttpConnectionActivity activity(
|
||||
mConnInfo->HashKey(), mConnInfo->GetOrigin(), mConnInfo->OriginPort(),
|
||||
mConnInfo->EndToEndSSL(), !mConnInfo->GetEchConfig().IsEmpty(),
|
||||
@ -190,14 +200,12 @@ nsresult Http3Session::Init(const nsHttpConnectionInfo* aConnInfo,
|
||||
}
|
||||
|
||||
void Http3Session::DoSetEchConfig(const nsACString& aEchConfig) {
|
||||
if (!aEchConfig.IsEmpty()) {
|
||||
LOG(("Http3Session::DoSetEchConfig %p", this));
|
||||
nsTArray<uint8_t> config;
|
||||
config.AppendElements(
|
||||
reinterpret_cast<const uint8_t*>(aEchConfig.BeginReading()),
|
||||
aEchConfig.Length());
|
||||
mHttp3Connection->SetEchConfig(config);
|
||||
}
|
||||
LOG(("Http3Session::DoSetEchConfig %p", this));
|
||||
nsTArray<uint8_t> config;
|
||||
config.AppendElements(
|
||||
reinterpret_cast<const uint8_t*>(aEchConfig.BeginReading()),
|
||||
aEchConfig.Length());
|
||||
mHttp3Connection->SetEchConfig(config);
|
||||
}
|
||||
|
||||
nsresult Http3Session::SendPriorityUpdateFrame(uint64_t aStreamId,
|
||||
|
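Review bot: With the `!aEchConfig.IsEmpty()` guard removed from `Http3Session::DoSetEchConfig`, an empty config is now forwarded to `mHttp3Connection->SetEchConfig` and, per the comment added in `Init`, puts the connection in GREASE mode, while the `security.tls.ech.grease_http3` and probability checks exist only in `Init`. Any other path that reaches `DoSetEchConfig` with an empty string (none is visible in this diff) would send GREASE regardless of the prefs, so the function should carry a comment such as `// An empty aEchConfig is not a no-op: it enables ECH GREASE. Callers must apply the GREASE prefs first.` In `Init`, the inner `&& config.IsEmpty()` and the `&& !config.IsEmpty()` on the `else if` repeat what the outer `if` already established and can be dropped. The GREASE branch is also no longer behind `gHttpHandler->EchConfigEnabled(true)`, which is worth confirming as intended. Finally, `100 - StaticPrefs::security_tls_ech_grease_probability()` is compared against an unsigned remainder, so a pref value outside 0-100 appears to turn GREASE off silently; clamping the pref to 0-100 before the subtraction would make the out-of-range behaviour explicit.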
@ -896,6 +896,10 @@ echPrefs:
|
||||
description: Probability of GREASEing a TLS connection with ECH (0-100).
|
||||
type: int
|
||||
setPref: "security.tls.ech.grease_probability"
|
||||
h3GreaseEnabled:
|
||||
description: Whether to apply GREASE settings to H3/QUIC connections.
|
||||
type: boolean
|
||||
setPref: "security.tls.ech.grease_http3"
|
||||
disableGreaseOnFallback:
|
||||
description: Whether to disable GREASE when retrying a connection.
|
||||
type: boolean
|
||||
|