New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TLS 1.3 session reuse (resumption) does not work (OpenSSL) #3202

Closed
mkauf opened this Issue Oct 31, 2018 · 2 comments

Comments

Projects
None yet
2 participants
@mkauf
Contributor

mkauf commented Oct 31, 2018

I did this

I have tested SSL/TLS session reuse with TLS 1.3 and "openssl s_server".

With TLS 1.3, curl creates two SSL sessions:

./curl -k -v https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
...
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

With TLS 1.2, curl reuses the SSL session (as expected):

./curl -k -v --tls-max 1.2 https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384

I expected the following

SSL/TLS session reuse works with TLS 1.3

curl/libcurl version

curl 7.62.0-DEV (x86_64-pc-linux-gnu) libcurl/7.62.0-DEV OpenSSL/1.1.1 zlib/1.2.11 nghttp2/1.32.1
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy 

operating system

Linux

Hints

OpenSSL Wiki: TLS 1.3 - Sessions

curl should use the SSL_CTX_sess_set_new_cb function to set a "new session" callback.

Probably other SSL backends are also affected.

@mkauf mkauf added the SSL/TLS label Oct 31, 2018

@ghedo

This comment has been minimized.

Member

ghedo commented Nov 2, 2018

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore. Support for session ticket resumption is also a requirement for TLS 1.3 0-RTT support.

mkauf added a commit to mkauf/curl that referenced this issue Nov 14, 2018

openssl: support session resume with TLS 1.3
Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a session ticket.

Use OpenSSL's "new session" callback to get the session information and put it
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
after the server has sent a session ticket.

The "new session" callback is invoked only if OpenSSL's session cache is
enabled, so enable it and use the "external storage" mode which lets curl manage
the contents of the session cache.

A pointer to the connection data and the sockindex are now saved as "SSL extra
data" to make them available to the callback.

This approach also works for old SSL/TLS versions and old OpenSSL versions.

Fixes curl#3202

@mkauf mkauf closed this in 549310e Nov 21, 2018

@mkauf

This comment has been minimized.

Contributor

mkauf commented Nov 21, 2018

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore.

TLS 1.3 uses a new session resume mechanism, it's similar to the (old) session tickets, but it's not the same.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment