Update the default retransmit timeout for DTLS

While DTLS 1.2 recommended 1 second, it's 2024 and RTTs are generally
much lower. I believe most of our important uses already reconfigure
this, but let's default to something better.

Update-Note: The default DTLS retransmit timeout is now lower (400 ms rather than 1 second).

Bug: 42290594
Change-Id: Iec3f01395ac0c3c03cdfd951cc14acddb40ce72f
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/72868
Auto-Submit: David Benjamin <davidben@google.com>
Reviewed-by: Nick Harper <nharper@chromium.org>
Commit-Queue: Nick Harper <nharper@chromium.org>
diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index b0abe11..1b3410e 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h
@@ -610,10 +610,8 @@
 // DTLSv1_set_initial_timeout_duration sets the initial duration for a DTLS
 // handshake timeout.
 //
-// This duration overrides the default of 1 second, which is the strong
-// recommendation of RFC 6347 (see section 4.2.4.1). However, there may exist
-// situations where a shorter timeout would be beneficial, such as for
-// time-sensitive applications.
+// This duration overrides the default of 400 milliseconds, which is
+// recommendation of RFC 9147 for real-time protocols.
 OPENSSL_EXPORT void DTLSv1_set_initial_timeout_duration(SSL *ssl,
                                                         unsigned duration_ms);
 
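Review bot: The replacement sentence `which is recommendation of RFC 9147 for real-time protocols` is missing an article; it should read `which is the recommendation of RFC 9147 for real-time protocols`. The text it replaces cited a specific section of RFC 6347 for the old default, while the new text cites only the RFC number, so a reader has to search the whole document for the 400 ms figure; add the section reference the way the old comment did. The same literal 400 is restated in ssl/internal.h and in the ssl/test/runner/runner.go schedule in this change, so the three copies will drift independently the next time the default is tuned; a named constant in ssl/internal.h used by the field initializer, with the runner schedule kept as the cross-check, would leave one authoritative definition even though this header comment still has to restate the value for API users.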
diff --git a/ssl/d1_lib.cc b/ssl/d1_lib.cc
index 29f4796..4759cea 100644
--- a/ssl/d1_lib.cc
+++ b/ssl/d1_lib.cc
@@ -122,7 +122,7 @@
 }
 
 void dtls1_start_timer(SSL *ssl) {
-  // If timer is not set, initialize duration (by default, 1 second)
+  // If timer is not set, initialize duration.
   if (ssl->d1->next_timeout.tv_sec == 0 && ssl->d1->next_timeout.tv_usec == 0) {
     ssl->d1->timeout_duration_ms = ssl->initial_timeout_duration_ms;
   }
diff --git a/ssl/internal.h b/ssl/internal.h
index e5cb15a..59845e9 100644
--- a/ssl/internal.h
+++ b/ssl/internal.h
@@ -4430,11 +4430,9 @@
   // session info
 
   // initial_timeout_duration_ms is the default DTLS timeout duration in
-  // milliseconds. It's used to initialize the timer any time it's restarted.
-  //
-  // RFC 6347 states that implementations SHOULD use an initial timer value of 1
-  // second.
-  unsigned initial_timeout_duration_ms = 1000;
+  // milliseconds. It's used to initialize the timer any time it's restarted. We
+  // default to RFC 9147's recommendation for real-time applications, 400ms.
+  unsigned initial_timeout_duration_ms = 400;
 
   // session is the configured session to be offered by the client. This session
   // is immutable.
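Review bot: The field comment on the added lines says the default follows RFC 9147's recommendation for real-time applications but, unlike the text it replaces, gives no section reference, and it does not say what callers outside that setting should do; suggest `// We default to RFC 9147's recommendation for real-time applications, 400ms (see section <SECTION>); deployments on paths with RTTs above that should raise it via DTLSv1_set_initial_timeout_duration.` with the section filled in. The practical effect of `unsigned initial_timeout_duration_ms = 400;` is that any peer whose round trip exceeds 400 ms now gets a spurious first retransmit before the doubling schedule catches up; that appears to be an accepted trade-off here, but it belongs in the comment since this field is the only place the choice is explained. The struct this field belongs to begins and ends outside the hunk.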
diff --git a/ssl/test/runner/runner.go b/ssl/test/runner/runner.go
index d4a82e6..e4cc89e 100644
--- a/ssl/test/runner/runner.go
+++ b/ssl/test/runner/runner.go
@@ -11485,17 +11485,17 @@
 	})
 }
 
-// timeouts is the retransmit schedule for BoringSSL. It doubles and
+// timeouts is the default retransmit schedule for BoringSSL. It doubles and
 // caps at 60 seconds. On the 13th timeout, it gives up.
 var timeouts = []time.Duration{
-	1 * time.Second,
-	2 * time.Second,
-	4 * time.Second,
-	8 * time.Second,
-	16 * time.Second,
-	32 * time.Second,
-	60 * time.Second,
-	60 * time.Second,
+	400 * time.Millisecond,
+	800 * time.Millisecond,
+	1600 * time.Millisecond,
+	3200 * time.Millisecond,
+	6400 * time.Millisecond,
+	12800 * time.Millisecond,
+	25600 * time.Millisecond,
+	51200 * time.Millisecond,
 	60 * time.Second,
 	60 * time.Second,
 	60 * time.Second,