Skip to content

/curl

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

TLS 1.3 session reuse (resumption) does not work (OpenSSL) #3202

Closed
mkauf opened this issue Oct 31, 2018 · 2 comments

Comments

Assignees
No one assigned
Labels
SSL/TLS
Projects
None yet
Milestone
No milestone
2 participants
@mkauf @ghedo
@mkauf
Copy link
Contributor

commented Oct 31, 2018

I did this

I have tested SSL/TLS session reuse with TLS 1.3 and "openssl s_server".

With TLS 1.3, curl creates two SSL sessions:

./curl -k -v https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
...
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

With TLS 1.2, curl reuses the SSL session (as expected):

./curl -k -v --tls-max 1.2 https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384

I expected the following

SSL/TLS session reuse works with TLS 1.3

curl/libcurl version

curl 7.62.0-DEV (x86_64-pc-linux-gnu) libcurl/7.62.0-DEV OpenSSL/1.1.1 zlib/1.2.11 nghttp2/1.32.1
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy

operating system

Linux

Hints

OpenSSL Wiki: TLS 1.3 - Sessions

curl should use the SSL_CTX_sess_set_new_cb function to set a "new session" callback.

Probably other SSL backends are also affected.

@mkauf mkauf added the SSL/TLS label Oct 31, 2018

@ghedo

This comment has been minimized.

Sign in to view
Copy link
Member

commented Nov 2, 2018

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore. Support for session ticket resumption is also a requirement for TLS 1.3 0-RTT support.

mkauf added a commit to mkauf/curl that referenced this issue Nov 14, 2018

@mkauf
openssl: support session resume with TLS 1.3 
Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a session ticket.

Use OpenSSL's "new session" callback to get the session information and put it
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
after the server has sent a session ticket.

The "new session" callback is invoked only if OpenSSL's session cache is
enabled, so enable it and use the "external storage" mode which lets curl manage
the contents of the session cache.

A pointer to the connection data and the sockindex are now saved as "SSL extra
data" to make them available to the callback.

This approach also works for old SSL/TLS versions and old OpenSSL versions.

Fixes curl#3202
51ac485

@mkauf mkauf referenced this issue Nov 14, 2018

Closed

openssl: support session resume with TLS 1.3 #3271

@mkauf mkauf closed this in 549310e Nov 21, 2018

@mkauf

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

commented Nov 21, 2018

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore.

TLS 1.3 uses a new session resume mechanism, it's similar to the (old) session tickets, but it's not the same.

@lock lock bot locked as resolved and limited conversation to collaborators Feb 19, 2019

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.