Pick the DTLS handshake timeout based on the ICE RTT estimate

webrtc/base/opensslstreamadapter.cc

Index: webrtc/base/opensslstreamadapter.cc
diff --git a/webrtc/base/opensslstreamadapter.cc b/webrtc/base/opensslstreamadapter.cc
index 83efdc8bc0579493018eb7604ba99fb965e25d1a..4b226369f6177b0150ce34d9391cc47a6652f747 100644
--- a/webrtc/base/opensslstreamadapter.cc
+++ b/webrtc/base/opensslstreamadapter.cc
@@ -523,6 +523,11 @@ void OpenSSLStreamAdapter::SetMaxProtocolVersion(SSLProtocolVersion version) {
   ssl_max_version_ = version;
 }
 
+void OpenSSLStreamAdapter::SetHandshakeTimeout(int timeout_ms) {
+  RTC_DCHECK(ssl_ctx_ == NULL);

[Taylor Brandstetter, 2017/02/02 18:07:41]

Should leave a comment in the header file saying that this can only be called
before StartSSL.

[skvlad, 2017/02/02 22:19:33]

Done.

+  dtls_handshake_timeout_ms_ = timeout_ms;
+}
+
 //
 // StreamInterface Implementation
 //
@@ -800,11 +805,10 @@ int OpenSSLStreamAdapter::BeginSSL() {
   SSL_set_bio(ssl_, bio, bio);  // the SSL object owns the bio now.
   if (ssl_mode_ == SSL_MODE_DTLS) {
 #ifdef OPENSSL_IS_BORINGSSL
-    // Change the initial retransmission timer from 1 second to 50ms.
-    // This will likely result in some spurious retransmissions, but
-    // it's useful for ensuring a timely handshake when there's packet
-    // loss.
-    DTLSv1_set_initial_timeout_duration(ssl_, 50);
+    // Change the initial retransmission timer to the value selected to match
+    // the connection RTT. This ensures fast connection setup without excessive
+    // bandwidth usage.

[Taylor Brandstetter, 2017/02/02 18:07:41]

This comment is a little out of place here; this class doesn't know how the
timer value was selected.

[skvlad, 2017/02/02 22:19:33]

Acknowledged.

+    DTLSv1_set_initial_timeout_duration(ssl_, dtls_handshake_timeout_ms_);
 #else
     // Enable read-ahead for DTLS so whole packets are read from internal BIO
     // before parsing. This is done internally by BoringSSL for DTLS.