From 0264fbc02e94a24370ff68005e02aa53f10add58 Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Tue, 23 Sep 2025 00:26:32 +0800 Subject: [PATCH] drop initial packets when the handshake is confirmed --- connection.go | 3 +++ connection_test.go | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/connection.go b/connection.go index 2251af08..8d5af6f2 100644 --- a/connection.go +++ b/connection.go @@ -845,6 +845,9 @@ func (c *Conn) handleHandshakeComplete(now time.Time) error { } func (c *Conn) handleHandshakeConfirmed(now time.Time) error { + if err := c.dropEncryptionLevel(protocol.EncryptionInitial, now); err != nil { + return err + } if err := c.dropEncryptionLevel(protocol.EncryptionHandshake, now); err != nil { return err } diff --git a/connection_test.go b/connection_test.go index 30d7dd8c..d7b1d57d 100644 --- a/connection_test.go +++ b/connection_test.go @@ -1065,7 +1065,7 @@ func TestConnectionHandshakeServer(t *testing.T) { data, err := (&wire.CryptoFrame{Data: []byte("foobar")}).Append(nil, protocol.Version1) require.NoError(t, err) - cs.EXPECT().DiscardInitialKeys() + cs.EXPECT().DiscardInitialKeys().Times(2) gomock.InOrder( cs.EXPECT().StartHandshake(gomock.Any()), cs.EXPECT().NextEvent().Return(handshake.Event{Kind: handshake.EventNoEvent}), @@ -1216,6 +1216,7 @@ func testConnectionHandshakeClient(t *testing.T, usePreferredAddress bool) { unpacker.EXPECT().UnpackLongHeader(gomock.Any(), gomock.Any()).Return( &unpackedPacket{hdr: hdr, encryptionLevel: protocol.Encryption1RTT, data: data}, nil, ), + cs.EXPECT().DiscardInitialKeys(), cs.EXPECT().SetHandshakeConfirmed(), tc.packer.EXPECT().AppendPacket(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn( func(buf *packetBuffer, _ protocol.ByteCount, _ time.Time, _ protocol.Version) (shortHeaderPacket, error) {