Commit Graph

11 Commits

Author SHA1 Message Date
Peter Wu
69dddf0612 tris: update NewSessionTicket for draft -19 and -21
D19: use early_data instead of custom ticket_early_data_info extension
codepoint. D21: new ticket nonce field and change in PSK calculation.
This nonce provides some minor security advantage in case one of the PSK
is compromised (which would leak the resumption master secret).

Rename "resumptionSecret" to "pskSecret" in sessionState13 to reflect
the D21 change and use constant-time comparison for the secret.

Also fix potential panic if the ticket is large enough, but the
extensions are missing.
2017-12-13 17:49:25 +00:00
Filippo Valsorda
7f449cbaa7 tris: add SessionTicketSealer 2017-09-05 21:06:35 +01:00
Filippo Valsorda
4191962f25 crypto/tls: use correct alerts
BoGo: Resume-Server-PSKBinderFirstExtension
BoGo: Resume-Server-ExtraPSKBinder
BoGo: Resume-Server-ExtraIdentityNoBinder
BoGo: Renegotiate-Server-Forbidden
BoGo: NoNullCompression
BoGo: TrailingMessageData-*
2017-09-05 21:06:35 +01:00
Filippo Valsorda
180bfdbd68 crypto/tls: finish the session ticket state checks 2017-09-05 21:06:34 +01:00
Filippo Valsorda
f8c15889af crypto/tls: implement TLS 1.3 server 0-RTT 2017-09-05 21:06:34 +01:00
Filippo Valsorda
ee3048cfd2 crypto/tls: implement TLS 1.3 server PSK 2017-09-05 21:06:34 +01:00
Filippo Valsorda
453bd6af77 crypto/tls: implement TLS 1.3 PSK messages 2017-09-05 21:06:34 +01:00
Emmanuel Odeke
e15014c62b crypto/tls: minor refactors for readability
Change-Id: I93e73f16474b4b31f7097af2f9479822dfc34c5c
Reviewed-on: https://go-review.googlesource.com/20678
Reviewed-by: Adam Langley <agl@golang.org>
2016-03-14 21:17:37 +00:00
Jonathan Rudenberg
03a329f274 crypto/tls: add support for session ticket key rotation
This change adds a new method to tls.Config, SetSessionTicketKeys, that
changes the key used to encrypt session tickets while the server is
running. Additional keys may be provided that will be used to maintain
continuity while rotating keys. If a ticket encrypted with an old key is
provided by the client, the server will resume the session and provide
the client with a ticket encrypted using the new key.

Fixes #9994

Change-Id: Idbc16b10ff39616109a51ed39a6fa208faad5b4e
Reviewed-on: https://go-review.googlesource.com/9072
Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com>
Reviewed-by: Adam Langley <agl@golang.org>
2015-04-26 20:57:28 +00:00
Adam Langley
d279bab6f5 crypto/tls: ensure that we don't resume when tickets are disabled.
LGTM=r
R=r, adg, rsc
https://golang.org/cl/148080043
2014-09-26 11:02:09 +10:00
Adam Langley
13d26a420a crypto/tls: support session ticket resumption.
Session resumption saves a round trip and removes the need to perform
the public-key operations of a TLS handshake when both the client and
server support it (which is true of Firefox and Chrome, at least).

R=golang-dev, bradfitz, rsc
CC=golang-dev
https://golang.org/cl/6555051
2012-09-24 16:52:43 -04:00