TLS: enable TLS client hello permutation by default
This flips the
WebRTC-PermuteTlsClientHello
field trial to a kill switch in the SSLStreamAdapter used for DTLS.
BUG=webrtc:42225803
Change-Id: I942851c474ec5e723c5b6c9f6206e7eafbe80ea4
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/357901
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@meta.com>
Reviewed-by: Danil Chapovalov <danilchap@webrtc.org>
Cr-Commit-Position: refs/heads/main@{#42676}
diff --git a/experiments/field_trials.py b/experiments/field_trials.py
index 8af1d31..4c41b7e 100755
--- a/experiments/field_trials.py
+++ b/experiments/field_trials.py
@@ -109,7 +109,7 @@
date(2024, 4, 1)),
FieldTrial('WebRTC-PermuteTlsClientHello',
42225803,
- date(2024, 7, 1)),
+ date(2025, 1, 1)),
FieldTrial('WebRTC-QCM-Dynamic-AV1',
349860657,
date(2025, 7, 1)),
diff --git a/rtc_base/openssl_stream_adapter.cc b/rtc_base/openssl_stream_adapter.cc
index 46ce8b8..9075f9a 100644
--- a/rtc_base/openssl_stream_adapter.cc
+++ b/rtc_base/openssl_stream_adapter.cc
@@ -290,7 +290,7 @@
ssl_ctx_(nullptr),
#ifdef OPENSSL_IS_BORINGSSL
permute_extension_(
- webrtc::field_trial::IsEnabled("WebRTC-PermuteTlsClientHello")),
+ !webrtc::field_trial::IsDisabled("WebRTC-PermuteTlsClientHello")),
#endif
ssl_mode_(SSL_MODE_TLS),
ssl_max_version_(SSL_PROTOCOL_TLS_12) {
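Review bot: The initializer for `permute_extension_` now has kill-switch semantics, but nothing at that line says so, and the polarity change is easy to miss when reading `!IsDisabled(...)`. I would add a comment above it such as `// Kill switch: ClientHello extension permutation is on unless WebRTC-PermuteTlsClientHello is explicitly Disabled.` Because the member sits inside `#ifdef OPENSSL_IS_BORINGSSL`, the new default applies only to BoringSSL builds, which is worth stating in the same comment. The constructor starts and ends outside the hunk, so where the flag is applied to the SSL object is not visible here.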
diff --git a/rtc_base/ssl_stream_adapter_unittest.cc b/rtc_base/ssl_stream_adapter_unittest.cc
index ed96305..ab47a19 100644
--- a/rtc_base/ssl_stream_adapter_unittest.cc
+++ b/rtc_base/ssl_stream_adapter_unittest.cc
@@ -1674,14 +1674,23 @@
}
TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
- ClientDefaultServerPermute) {
- Initialize("", "WebRTC-PermuteTlsClientHello/Enabled/");
+ ClientDisabledServerDisabled) {
+ Initialize("WebRTC-PermuteTlsClientHello/Disabled/",
+ "WebRTC-PermuteTlsClientHello/Disabled/");
TestHandshake();
}
TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
- ClientPermuteServerDefault) {
- Initialize("WebRTC-PermuteTlsClientHello/Enabled/", "");
+ ClientDisabledServerPermute) {
+ Initialize("WebRTC-PermuteTlsClientHello/Disabled/",
+ "WebRTC-PermuteTlsClientHello/Enabled/");
+ TestHandshake();
+}
+
+TEST_F(SSLStreamAdapterTestDTLSExtensionPermutation,
+ ClientPermuteServerDisabled) {
+ Initialize("WebRTC-PermuteTlsClientHello/Enabled/",
+ "WebRTC-PermuteTlsClientHello/Disabled/");
TestHandshake();
}
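Review bot: None of the three cases in this hunk passes an empty trial string on either side, so the visible tests do not exercise the new default path (no trial configured, permutation on); the two removed cases were the ones that used `""`. I would keep one such case, for example a `ClientDefaultServerDisabled` test with `Initialize("", "WebRTC-PermuteTlsClientHello/Disabled/");`. The cases also appear to assert only that the handshake completes; `TestHandshake()` is defined outside the hunk, so this is inferred, but if so a kill switch that silently stopped working would still pass. A check that the ClientHello extension order stays fixed when the trial is Disabled would cover that.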