Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

TLS 1.3 session reuse (resumption) does not work (OpenSSL) #3202

Closed
mkauf opened this issue Oct 31, 2018 · 2 comments
Closed

TLS 1.3 session reuse (resumption) does not work (OpenSSL) #3202

mkauf opened this issue Oct 31, 2018 · 2 comments
Labels
TLS

Comments

@mkauf
Copy link
Contributor

@mkauf mkauf commented Oct 31, 2018

I did this

I have tested SSL/TLS session reuse with TLS 1.3 and "openssl s_server".

With TLS 1.3, curl creates two SSL sessions:

./curl -k -v https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
...
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384

With TLS 1.2, curl reuses the SSL session (as expected):

./curl -k -v --tls-max 1.2 https://localhost:4433/ https://localhost:4433/

Output:

New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
...
Reused, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384

I expected the following

SSL/TLS session reuse works with TLS 1.3

curl/libcurl version

curl 7.62.0-DEV (x86_64-pc-linux-gnu) libcurl/7.62.0-DEV OpenSSL/1.1.1 zlib/1.2.11 nghttp2/1.32.1
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher http https imap imaps pop3 pop3s rtsp smb smbs smtp smtps telnet tftp 
Features: AsynchDNS IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP HTTP2 UnixSockets HTTPS-proxy

operating system

Linux

Hints

OpenSSL Wiki: TLS 1.3 - Sessions

curl should use the SSL_CTX_sess_set_new_cb function to set a "new session" callback.

Probably other SSL backends are also affected.
@mkauf mkauf added the TLS label Oct 31, 2018
@ghedo
Copy link
Member

@ghedo ghedo commented Nov 2, 2018

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore. Support for session ticket resumption is also a requirement for TLS 1.3 0-RTT support.

mkauf added a commit to mkauf/curl that referenced this issue Nov 14, 2018
@mkauf
openssl: support session resume with TLS 1.3
51ac485 
Session resumption information is not available immediately after a TLS 1.3
handshake. The client must wait until the server has sent a session ticket.

Use OpenSSL's "new session" callback to get the session information and put it
into curl's session cache. For TLS 1.3 sessions, this callback will be invoked
after the server has sent a session ticket.

The "new session" callback is invoked only if OpenSSL's session cache is
enabled, so enable it and use the "external storage" mode which lets curl manage
the contents of the session cache.

A pointer to the connection data and the sockindex are now saved as "SSL extra
data" to make them available to the callback.

This approach also works for old SSL/TLS versions and old OpenSSL versions.

Fixes curl#3202
@mkauf mkauf mentioned this issue Nov 14, 2018
Closed
@mkauf mkauf closed this as completed in 549310e Nov 21, 2018
@mkauf
Copy link
Contributor Author

@mkauf mkauf commented Nov 21, 2018

The problem I think is that curl disables session ticket resumption, and only performs session ID resumption, which is not available in TLS 1.3 anymore.

TLS 1.3 uses a new session resume mechanism, it's similar to the (old) session tickets, but it's not the same.

@lock lock bot locked as resolved and limited conversation to collaborators Feb 19, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
TLS
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ghedo @mkauf