]> git.ipfire.org Git - thirdparty/openssl.git/commit
projects / thirdparty / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 56d0ca6) | patch
Reduce our NEW_TOKEN send rate.
authorNeil Horman <nhorman@openssl.org>
Tue, 28 Jan 2025 13:58:19 +0000 (08:58 -0500)
committerNeil Horman <nhorman@openssl.org>
Tue, 4 Feb 2025 14:15:55 +0000 (09:15 -0500)
commit78e44df5a30b2cb8805bd3e37b93c2539d0114bd
tree16a434bf57a9a8a1c43f3c789a42d0812e6f4c8ftree
parent56d0ca6791ea660b962ee4a25e7c0bfed9eed9c6commit | diff
Reduce our NEW_TOKEN send rate.

Currently, we send a NEW_TOKEN frame on every new validated connection,
but thats not necessecary.  Since NEW_TOKEN tokens have a lifetime of 1
hour currently, we really only need to send a NEW_TOKEN if:
1) We validated a RETRY token
or
2) We validated a NEW_TOKEN for which the lifetime is nearing its limit

So lets do that.  When we validate a token, only generate a NEW_TOKEN if
the current token is a RETRY token, or if its a NEW_TOKEN, and there is
less than 10% of the tokens lifetime remaining.

This lets clients use NEW_TOKENS repeatedly (as per the RFC), and saves
us some network bandwith.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
ssl/quic/quic_port.c diff | blob | blame | history
Mirror of https://github.com/openssl/openssl.git