Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/tls: session resumption (session id caching) #18607

Closed
tam7t opened this issue Jan 11, 2017 · 3 comments
Closed

crypto/tls: session resumption (session id caching) #18607

tam7t opened this issue Jan 11, 2017 · 3 comments
Assignees
Milestone

Comments

@tam7t
Copy link

@tam7t tam7t commented Jan 11, 2017

What version of Go are you using (go version)?

go version go1.7.4 darwin/amd64

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"

What did you do?

I have 2 web servers, one that supports TLS session resumption based on a session cache and another that supports session cache and session tickets.

https://play.golang.org/p/9n4OZRjqHh

What did you expect to see?

I had expected the 2nd connection to each server to resume the session.

What did you see instead?

DidResume is only true for the server that supports session ticket resumption.

It appears that session ID caching is not supported in client or server mode. Perhaps the documentation for ClientSessionCache could be a bit more explicit that it is only a cache for session tickets.

@bradfitz bradfitz added this to the Go1.9 milestone Jan 11, 2017
@FiloSottile

This comment has been minimized.

Copy link
Member

@FiloSottile FiloSottile commented Jan 13, 2017

Session ID caching is not supported in neither client nor server.

I guess the client side can be documented in Config.ClientSessionCache. Not sure where the docs for the server side could go.

I had to look at the code myself a week ago to confirm this.

@gopherbot gopherbot closed this in 0c9325e Feb 8, 2017
@Kanshiroron

This comment has been minimized.

Copy link

@Kanshiroron Kanshiroron commented May 17, 2017

Any plan on implementing it?
The thing is without this feature, it's impossible to configure a load balancer with sticky TLS sessions (without TLS offload)

@FiloSottile

This comment has been minimized.

Copy link
Member

@FiloSottile FiloSottile commented May 18, 2017

No plans I'm aware of. You can open a new issue to request the feature.

Almost sure you could implement sticky TLS on top of tickets with #19199, but the discussion should move away from this closed issue.

@golang golang locked and limited conversation to collaborators May 18, 2018
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This change clarifies that only ticket-based resumption is supported by
crypto/tls. It's not clear where to document this for a server,
although perhaps it's obvious there because there's nowhere to plug in
the storage that would be needed by SessionID-based resumption.

Fixes golang#18607

Change-Id: Iaaed53e8d8f2f45c2f24c0683052df4be6340922
Reviewed-on: https://go-review.googlesource.com/36560
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
This change clarifies that only ticket-based resumption is supported by
crypto/tls. It's not clear where to document this for a server,
although perhaps it's obvious there because there's nowhere to plug in
the storage that would be needed by SessionID-based resumption.

Fixes golang#18607

Change-Id: Iaaed53e8d8f2f45c2f24c0683052df4be6340922
Reviewed-on: https://go-review.googlesource.com/36560
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
6 participants
You can’t perform that action at this time.