kris/th5
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
Alternative TLS implementation in Go
267 Commits 3 Branches 0 Tags 2.6 MiB
Go 99.8%
Shell 0.2%
ca4a3279f9
Go to file
David Benjamin ca4a3279f9 crypto/tls: Enforce that version and cipher match on resume. 
Per RFC 5246, 7.4.1.3:

   cipher_suite
      The single cipher suite selected by the server from the list in
      ClientHello.cipher_suites.  For resumed sessions, this field is
      the value from the state of the session being resumed.

The specifications are not very clearly written about resuming sessions
at the wrong version (i.e. is the TLS 1.0 notion of "session" the same
type as the TLS 1.1 notion of "session"?). But every other
implementation enforces this check and not doing so has some odd
semantics.

Change-Id: I6234708bd02b636c25139d83b0d35381167e5cad
Reviewed-on: https://go-review.googlesource.com/21153
Reviewed-by: Adam Langley <agl@golang.org>
2016-04-12 01:07:46 +00:00
testdata crypto/tls: add TLS_RSA_WITH_AES_128_GCM_SHA256 and TLS_RSA_WITH_AES_256_GCM_SHA384 cipher suites 2015-11-15 20:59:11 +00:00
alert.go crypto/tls: support TLS_FALLBACK_SCSV as a server. 2014-10-15 17:54:04 -07:00
cipher_suites.go crypto/tls: Update references to draft-ietf-tls-downgrade-scsv-00. 2016-03-25 22:10:37 +00:00
common.go all: delete dead non-test code 2016-03-25 06:28:13 +00:00
conn_test.go crypto/tls: implement dynamic record sizing 2016-03-12 00:47:13 +00:00
conn.go all: delete dead non-test code 2016-03-25 06:28:13 +00:00
example_test.go crypto/x509: add example of using a custom root list. 2014-02-19 11:18:35 -05:00
generate_cert.go crypto/tls: Support ECDSA keys in generate_cert.go 2014-07-28 14:46:34 -07:00
handshake_client_test.go crypto/tls: check errors from (*Conn).writeRecord 2016-03-02 18:20:46 +00:00
handshake_client.go crypto/tls: Enforce that version and cipher match on resume. 2016-04-12 01:07:46 +00:00
handshake_messages_test.go crypto/tls: decouple handshake signatures from the handshake hash. 2015-04-30 03:47:02 +00:00
handshake_messages.go crypto/tls: minor refactors for readability 2016-03-14 21:17:37 +00:00
handshake_server_test.go crypto/tls: check errors from (*Conn).writeRecord 2016-03-02 18:20:46 +00:00
handshake_server.go crypto/tls: Update references to draft-ietf-tls-downgrade-scsv-00. 2016-03-25 22:10:37 +00:00
handshake_test.go crypto/tls: rework reference tests. 2013-12-20 11:37:05 -05:00
key_agreement.go all: single space after period. 2016-03-02 00:13:47 +00:00
prf_test.go crypto/tls: decouple handshake signatures from the handshake hash. 2015-04-30 03:47:02 +00:00
prf.go crypto/tls: len(clientRandom) used for serverRandom source 2015-11-10 22:17:54 +00:00
ticket.go crypto/tls: minor refactors for readability 2016-03-14 21:17:37 +00:00
tls_test.go crypto/tls: test for timeout error using the net.Error interface 2016-03-08 22:40:49 +00:00
tls.go crypto/tls: minor refactors for readability 2016-03-14 21:17:37 +00:00