New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: crypto/tls: implement Session IDs resumption #25228

Open
pvoicu opened this Issue May 2, 2018 · 2 comments

Comments

Projects
None yet
3 participants
@pvoicu
Copy link
Contributor

pvoicu commented May 2, 2018

What version of Go are you using (go version)?

go version go1.10 linux/amd64

Does this issue reproduce with the latest release?

Yes

What did you do?

Crypto/tls today only implements session ticket resumption described in RFC 5077. Per https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Extensions JSSE does not support session ticket resumption, so I'm looking for a way to speed up the TLS handshake between Golang and Java applications

https://tools.ietf.org/html/rfc5246 (The Transport Layer Security (TLS) Protocol Version 1.2) describes the session resumption, also useful to speed up the TLS handshake. It is implemented by OpenSSL and JSSE. Implementation should have a public interface similar to the OpenSSL's SSL_CTX_add_session() to inject the sessions in the server cache.

@gopherbot gopherbot added this to the Proposal milestone May 2, 2018

@gopherbot gopherbot added the Proposal label May 2, 2018

@FiloSottile FiloSottile changed the title proposal: crypto/tls: implement Session resumption per rfc5246 proposal: crypto/tls: implement Session IDs resumption May 3, 2018

@FiloSottile

This comment has been minimized.

Copy link
Member

FiloSottile commented May 4, 2018

TLS 1.3 might also need server side state to handle 0-RTT anti-replay.

If that happens, 1.2 Session IDs can be implemented along with that.

@pvoicu

This comment has been minimized.

Copy link
Contributor Author

pvoicu commented Jul 20, 2018

I have an implementation for this, although only for the server side because that is what I needed.
I would be glad to contribute.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment