kris/boringssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
33dad1b7a1
boringssl/ssl
History
David Benjamin 33dad1b7a1 Stop pretending to ssl_clear_bad_session. 
We broke this to varying degrees ages ago.

This is the logic to implement the variations of rules in TLS to discard
sessions after a failed connection, where a failed connection could be
one of:

- A connection that was not cleanly shut down.

- A connection that received a fatal alert.

The first one is nonsense since close_notify does not actually work in
the real world. The second is a vaguely more plausible but...

- A stateless ticket-based server can't drop sessions anyway.

- In TLS 1.3, a client may receive many tickets over the lifetime of a
  single connection. With an external session cache like ours which may,
  in theory, but multithreaded, this will be a huge hassle to track.

- A client may well attempt to establish a connection and reuse the
  session before we receive the fatal alert, so any application state we
  hope to manage won't really work.

- An attacker can always close the connection before the fatal alert, so
  whatever security policy clearing the session gave is easily
  bypassable.

Implementation-wise, this has basically never worked. The
ssl_clear_bad_session logic called into SSL_CTX_remove_session which
relied on the internal session cache. (Sessions not in the internal
session cache don't get removed.) The internal session cache was only
useful for a server, where tickets prevent this mechanism from doing
anything. For a client, we since removed the internal session cache, so
nothing got removed. The API for a client also did not work as it gave
the SSL_SESSION, not the SSL, so a consumer would not know the key to
invalidate anyway.

The recent session state splitting change further broke this.

Moreover, calling into SSL_CTX_remove_session logic like that is
extremely dubious because it mutates the not_resumable flag on the
SSL_SESSION which isn't thread-safe.

Spec-wise, TLS 1.3 has downgraded the MUST to a SHOULD.

Given all that mess, just remove this code. It is no longer necessary to
call SSL_shutdown just to make session caching work.

Change-Id: Ib601937bfc5f6b40436941e1c86566906bb3165d
Reviewed-on: https://boringssl-review.googlesource.com/9091
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>
2016-08-03 21:07:36 +00:00
..
test Adding NewSessionTicket. 2016-08-03 20:03:20 +00:00
CMakeLists.txt Add TLS 1.3 1-RTT. 2016-07-18 09:54:46 +00:00
custom_extensions.c Send unsupported_extension on unexpected ServerHello extensions. 2016-08-01 18:56:31 +00:00
d1_both.c Switch finish_handshake to release_current_message. 2016-07-28 22:59:18 +00:00
d1_lib.c Add SSL_is_dtls. 2016-08-02 20:43:58 +00:00
d1_pkt.c Move post-handshake message handling out of read_app_data. 2016-07-29 21:05:49 +00:00
d1_srtp.c Make kSRTPProfiles static. 2016-05-13 14:12:22 +00:00
dtls_method.c Switch finish_handshake to release_current_message. 2016-07-28 22:59:18 +00:00
dtls_record.c Fix the alias checks in dtls_record.c. 2016-06-09 21:11:22 +00:00
handshake_client.c Adding NewSessionTicket. 2016-08-03 20:03:20 +00:00
handshake_server.c Add a CBS version of SSL_early_callback_ctx_extension_get. 2016-08-03 20:47:05 +00:00
internal.h Stop pretending to ssl_clear_bad_session. 2016-08-03 21:07:36 +00:00
s3_both.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
s3_enc.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
s3_lib.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
s3_pkt.c Stop pretending to ssl_clear_bad_session. 2016-08-03 21:07:36 +00:00
ssl_aead_ctx.c Fixing iv_length for TLS 1.3. 2016-06-16 17:04:14 +00:00
ssl_asn1.c Adding NewSessionTicket. 2016-08-03 20:03:20 +00:00
ssl_buffer.c Add SSL_is_dtls. 2016-08-02 20:43:58 +00:00
ssl_cert.c Factor out the client_cert_cb code. 2016-07-20 09:25:52 +00:00
ssl_cipher.c Forbid PSK ciphers in TLS 1.3 for now. 2016-07-13 16:49:46 +00:00
ssl_ecdh.c Add BN_rand_range_ex and use internally. 2016-07-29 16:09:26 +00:00
ssl_file.c Banish SSL_add_dir_cert_subjects_to_stack and OPENSSL_DIR_CTX to decrepit. 2016-04-27 18:40:25 +00:00
ssl_lib.c Stop pretending to ssl_clear_bad_session. 2016-08-03 21:07:36 +00:00
ssl_rsa.c Give SSL_PRIVATE_KEY_METHOD a message-based API. 2016-07-15 18:26:45 +00:00
ssl_session.c Stop pretending to ssl_clear_bad_session. 2016-08-03 21:07:36 +00:00
ssl_stat.c Factor out the client_cert_cb code. 2016-07-20 09:25:52 +00:00
ssl_test.cc Add tests to ensure our ClientHello does not change. 2016-08-02 19:34:18 +00:00
t1_enc.c Splitting SSL session state. 2016-07-29 21:22:46 +00:00
t1_lib.c Add a CBS version of SSL_early_callback_ctx_extension_get. 2016-08-03 20:47:05 +00:00
tls13_both.c Adding NewSessionTicket. 2016-08-03 20:03:20 +00:00
tls13_client.c Adding NewSessionTicket. 2016-08-03 20:03:20 +00:00
tls13_enc.c Adding handling for KeyUpdate post-handshake message. 2016-07-29 23:06:09 +00:00
tls13_server.c Add a CBS version of SSL_early_callback_ctx_extension_get. 2016-08-03 20:47:05 +00:00
tls_method.c Switch finish_handshake to release_current_message. 2016-07-28 22:59:18 +00:00
tls_record.c Stop pretending to ssl_clear_bad_session. 2016-08-03 21:07:36 +00:00