03a329f274
This change adds a new method to tls.Config, SetSessionTicketKeys, that changes the key used to encrypt session tickets while the server is running. Additional keys may be provided that will be used to maintain continuity while rotating keys. If a ticket encrypted with an old key is provided by the client, the server will resume the session and provide the client with a ticket encrypted using the new key.

Fixes #9994

Change-Id: Idbc16b10ff39616109a51ed39a6fa208faad5b4e
Reviewed-on: https://go-review.googlesource.com/9072
Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com>
Reviewed-by: Adam Langley <agl@golang.org>
116 lines
8.7 KiB
Plaintext
>>> Flow 1 (client to server)
>>> Flow 2 (server to client)
>>> Flow 3 (client to server)
>>> Flow 4 (server to client)