From f4a6690edc98e55cf84995198403be947c07be98 Mon Sep 17 00:00:00 2001
From: Tom Thorogood
Date: Mon, 10 Apr 2017 02:01:24 +0930
Subject: [PATCH] crypto/tls: generate unique ticket_age_add for each ticket #23 -- CLA ok -- re-author to me+google@tomthorogood.co.uk
---
 13.go | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/13.go b/13.go
index b333d6a..ccf14e5 100644
--- a/13.go
+++ b/13.go
@@ -556,15 +556,9 @@ func (hs *serverHandshakeState) sendSessionTicket13() error {
 resumptionSecret := hkdfExpandLabel(hash, hs.masterSecret, handshakeCtx, "resumption master secret", hash.Size())
 ageAddBuf := make([]byte, 4)
- if _, err := io.ReadFull(c.config.rand(), ageAddBuf); err != nil {
- c.sendAlert(alertInternalError)
- return err
- }
 sessionState := &sessionState13{
- vers: c.vers,
- suite: hs.suite.id,
- ageAdd: uint32(ageAddBuf[0])<<24 | uint32(ageAddBuf[1])<<16 |
- uint32(ageAddBuf[2])<<8 | uint32(ageAddBuf[3]),
+ vers: c.vers,
+ suite: hs.suite.id,
 createdAt: uint64(time.Now().Unix()),
 resumptionSecret: resumptionSecret,
 alpnProtocol: c.clientProtocol,
@@ -573,6 +567,12 @@ func (hs *serverHandshakeState) sendSessionTicket13() error {
 }
 for i := 0; i < numSessionTickets; i++ {
+ if _, err := io.ReadFull(c.config.rand(), ageAddBuf); err != nil {
+ c.sendAlert(alertInternalError)
+ return err
+ }
+ sessionState.ageAdd = uint32(ageAddBuf[0])<<24 | uint32(ageAddBuf[1])<<16 |
+ uint32(ageAddBuf[2])<<8 | uint32(ageAddBuf[3])
 ticket := sessionState.marshal()
 var err error
 if c.config.SessionTicketSealer != nil {
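Review bot: The per-iteration `sessionState.ageAdd` assignment at the top of the `for` loop in the second hunk carries no comment explaining why the value is redrawn for every ticket, so a later cleanup could hoist it back out of the loop. A line such as `// ticket_age_add must be fresh for each ticket so obfuscated ticket ages cannot be correlated across tickets` above the `io.ReadFull` call would pin the intent. The loop body continues past the end of the hunk, so it is worth confirming that the NewSessionTicket message presumably built further down reads its age-add from `sessionState.ageAdd` as set in this iteration, since the sealed ticket and the value sent to the client must agree. As a style point, if `encoding/binary` is already imported in this file, `sessionState.ageAdd = binary.BigEndian.Uint32(ageAddBuf)` would replace the hand-written shifts.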