From 275c172fec2b4dae0eea5ac2052a28848b4363ea Mon Sep 17 00:00:00 2001 From: Marten Seemann Date: Tue, 23 Sep 2025 00:26:32 +0800 Subject: [PATCH] drop initial packets when the handshake is confirmed --- connection.go | 3 +++ connection_test.go | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/connection.go b/connection.go index 879faec0..c9ce930c 100644 --- a/connection.go +++ b/connection.go @@ -789,6 +789,9 @@ func (s *connection) handleHandshakeComplete(now time.Time) error { } func (s *connection) handleHandshakeConfirmed(now time.Time) error { + if err := s.dropEncryptionLevel(protocol.EncryptionInitial, now); err != nil { + return err + } if err := s.dropEncryptionLevel(protocol.EncryptionHandshake, now); err != nil { return err } diff --git a/connection_test.go b/connection_test.go index d4ae04aa..15bfedec 100644 --- a/connection_test.go +++ b/connection_test.go @@ -1102,7 +1102,7 @@ func TestConnectionHandshakeServer(t *testing.T) { data, err := (&wire.CryptoFrame{Data: []byte("foobar")}).Append(nil, protocol.Version1) require.NoError(t, err) - cs.EXPECT().DiscardInitialKeys() + cs.EXPECT().DiscardInitialKeys().Times(2) tc.connRunner.EXPECT().Retire(gomock.Any()) gomock.InOrder( cs.EXPECT().StartHandshake(gomock.Any()), @@ -1254,6 +1254,7 @@ func testConnectionHandshakeClient(t *testing.T, usePreferredAddress bool) { unpacker.EXPECT().UnpackLongHeader(gomock.Any(), gomock.Any()).Return( &unpackedPacket{hdr: hdr, encryptionLevel: protocol.Encryption1RTT, data: data}, nil, ), + cs.EXPECT().DiscardInitialKeys(), cs.EXPECT().SetHandshakeConfirmed(), tc.packer.EXPECT().AppendPacket(gomock.Any(), gomock.Any(), gomock.Any(), gomock.Any()).DoAndReturn( func(buf *packetBuffer, _ protocol.ByteCount, _ time.Time, _ protocol.Version) (shortHeaderPacket, error) {