diff --git a/13.go b/13.go
index dd6d392..5eb4162 100644
--- a/13.go
+++ b/13.go
@@ -19,6 +19,7 @@ func (hs *serverHandshakeState) doTLS13Handshake() error {
 c := hs.c
 hs.c.cipherSuite, hs.hello13.cipherSuite = hs.suite.id, hs.suite.id
+ hs.c.clientHello = hs.clientHello.marshal()
 // When picking the group for the handshake, priority is given to groups
 // that the client provided a keyShare for, so to avoid a round-trip.
diff --git a/common.go b/common.go
index f9eae48..80db411 100644
--- a/common.go
+++ b/common.go
@@ -174,6 +174,7 @@ var supportedSignatureAlgorithms = []signatureAndHash{
 // ConnectionState records basic TLS details about the connection.
 type ConnectionState struct {
+ ConnectionID []byte // Random unique connection id
 Version uint16 // TLS version used by the connection (e.g. VersionTLS12)
 HandshakeComplete bool // TLS handshake is complete
 DidResume bool // connection resumes a previous TLS connection
@@ -193,6 +194,8 @@ type ConnectionState struct {
 // change in future versions of Go once the TLS master-secret fix has
 // been standardized and implemented.
 TLSUnique []byte
+
+ ClientHello []byte // ClientHello packet
 }
 // ClientAuthType declares the policy the server will follow for
diff --git a/conn.go b/conn.go
index ea0643c..61cfa72 100644
--- a/conn.go
+++ b/conn.go
@@ -34,6 +34,8 @@ type Conn struct {
 // to wait for the handshake can wait on this, under handshakeMutex.
 handshakeCond *sync.Cond
 handshakeErr error // error resulting from handshake
+ connID []byte // Random connection id
+ clientHello []byte // ClientHello packet contents
 vers uint16 // TLS version
 haveVers bool // version has been negotiated
 config *Config // configuration passed to constructor
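Review bot: `hs.c.clientHello = hs.clientHello.marshal()` stores whatever slice marshal() returns, and if marshal() hands back the message's cached wire bytes rather than a fresh copy (as the upstream clientHelloMsg does), that same backing array is later exposed through ConnectionState.ClientHello, so a caller writing into the exported field mutates the handshake's own buffer. Storing a copy is a one-line change: `hs.c.clientHello = append([]byte(nil), hs.clientHello.marshal()...)`. This assignment sits only in the TLS 1.3 server path; unless the TLS 1.2 server handshake and the client side set c.clientHello elsewhere (not in this diff), ConnectionState.ClientHello stays nil for those connections, which the exported field's comment should state. doTLS13Handshake continues past the end of the hunk.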
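Review bot: The comment on the new `ConnectionID` field, `// Random unique connection id`, promises uniqueness that eight random bytes cannot guarantee, and neither it nor the `ClientHello` comment in the second common.go hunk says when the field is populated. Since ConnectionState is the exported API, I would document both fields with what the conn.go hunks establish: `ConnectionID []byte // 8 random bytes drawn at the start of the handshake; nil until HandshakeComplete` and `ClientHello []byte // marshaled ClientHello handshake message recorded by the server, when available; nil otherwise`. If "unique" is meant as "distinct with negligible collision probability" rather than a guarantee, the comment should say that rather than imply it.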
@@ -1363,6 +1365,11 @@ func (c *Conn) Handshake() error {
 panic("handshake should not have been able to complete after handshakeCond was set")
 }
+ c.connID = make([]byte, 8)
+ if _, err := io.ReadFull(c.config.rand(), c.connID); err != nil {
+ return err
+ }
+
 if c.isClient {
 c.handshakeErr = c.clientHandshake()
 } else {
@@ -1398,6 +1405,8 @@ func (c *Conn) ConnectionState() ConnectionState {
 state.ServerName = c.serverName
 if c.handshakeComplete {
+ state.ConnectionID = c.connID
+ state.ClientHello = c.clientHello
 state.Version = c.vers
 state.NegotiatedProtocol = c.clientProtocol
 state.DidResume = c.didResume
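Review bot: The early `return err` after `io.ReadFull(c.config.rand(), c.connID)` leaves the handshake bookkeeping half-finished: by this point the goroutine has committed to running the handshake by setting handshakeCond (the panic message just above refers to it), and if the function's tail broadcasts on handshakeCond and clears it as the upstream Handshake does, returning here skips that, so other goroutines blocked in Wait never wake and later Handshake calls on the connection hang. Record the failure in handshakeErr and fall through instead: `c.handshakeErr = err` in place of `return err`, with the dispatch below becoming `} else if c.isClient {` so the normal exit path runs. An error message that identifies the failure as connection-id generation rather than a handshake alert would also help callers. Handshake continues beyond both ends of the hunk.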
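Review bot: `state.ConnectionID = c.connID` and `state.ClientHello = c.clientHello` copy slice headers, not bytes, so every ConnectionState returned for this connection shares one backing array and a caller that modifies either field changes what later callers see. If the snapshot is meant to be read-only, say so in the field comments; otherwise hand out copies, `state.ConnectionID = append([]byte(nil), c.connID...)` and likewise for ClientHello. Both fields are set only under handshakeComplete, so they are nil on an unfinished or failed handshake even though connID is generated before the handshake runs, which is worth stating in the ConnectionState docs. ConnectionState continues outside the hunk.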