crypto/tls: add fields to ClientHelloInfo #17430

Closed
FiloSottile opened this issue Oct 13, 2016 · 7 comments
@FiloSottile FiloSottile commented Oct 13, 2016

ClientHelloInfo is how callbacks make decisions on how to treat an incoming connection, which is becoming very powerful with https://golang.org/cl/30790/

As mentioned in #16066 (comment) it would be useful to have some more information in there.

The Cloudflare fork exposes Version, SignatureSchemes and LocalAddr. RemoteAddr seems fitting for completeness. ALPNProtocols as asked in #16066.

Looking at clientHelloMsg, only session resumption information, ocspStapling and scts are left, for which I can't think of a use case.

@titanous titanous commented Oct 13, 2016

> Looking at clientHelloMsg, only session resumption information, ocspStapling and scts are left, for which I can't think of a use case.

It would be useful to have access to all of the information provided in the ClientHello to collect statistics on handshakes.

@FiloSottile FiloSottile commented Oct 13, 2016

@titanous Something we did again in the Cloudflare fork is expose the serialized CH in the ConnectionState, but I don't think anything that low-level fits in the standard library. Or did you have anything else in mind?

@titanous titanous commented Oct 13, 2016

> Something we did again in the Cloudflare fork is expose the serialized CH in the ConnectionState, but I don't think anything that low-level fits in the standard library. Or did you have anything else in mind?

It's not unprecedented. x509.Certificate has a bunch of Raw* fields. Another option would be exposing all parameters/extensions that the package is aware of and then using a single field for all unknown extensions.

@FiloSottile FiloSottile commented Oct 13, 2016

True, but then I would go for having a high-level CHI, and a RawClientHello, rather than polluting CHI with sort-of-raw fields. Opinions on whether it should go on CHI or on ConnState? We wanted it in ConnState so we could observe it from a http.Handler. Maybe ConnectionState should expose a CHI?

Also, in 1.3 a CH might be a significant chunk of memory to keep around.

@FiloSottile FiloSottile commented Oct 13, 2016

Here is my patch on top of https://golang.org/cl/30790/, which I can't submit yet because the Go Gerrit does not seem to support CLs with dependencies on CLs by other authors.

SupportedVersions is terrible, but needed to be forward-compatible with the TLS 1.3 extension-based version negotiation. The SignatureSchemes term is stolen from 1.3 and is uint16 to be forward-compatible.

/cc @agl

EDIT: patch mailed

@bradfitz bradfitz added this to the Go1.8Maybe milestone Oct 16, 2016
@bradfitz bradfitz commented Oct 16, 2016

@agl, decision?

@gopherbot gopherbot commented Oct 18, 2016

CL https://golang.org/cl/31391 mentions this issue.

@agl agl modified the milestones: Go1.8Early, Go1.8Maybe Oct 25, 2016
@gopherbot gopherbot closed this in 51c959b Oct 26, 2016
@golang golang locked and limited conversation to collaborators Oct 26, 2017
FiloSottile added a commit to FiloSottile/go that referenced this issue Oct 12, 2018
Fixes golang#17430

Change-Id: Ia1c25363d64e3091455ce00644438715aff30a0d
Reviewed-on: https://go-review.googlesource.com/31391
Run-TryBot: Adam Langley <agl@golang.org>
TryBot-Result: Gobot Gobot <gobot@golang.org>
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Reviewed-by: Filippo Valsorda <hi@filippo.io>