-
Notifications
You must be signed in to change notification settings - Fork 17.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
proposal: crypto/tls: implement Session IDs resumption #25228
Comments
TLS 1.3 might also need server side state to handle 0-RTT anti-replay. If that happens, 1.2 Session IDs can be implemented along with that. |
I have an implementation for this, although only for the server side because that is what I needed. |
We have encountered (probably bad) embedded TLS client implementations that refuse to talk to Go TLS server because session ID resumption is not implemented, so we had to insert NGINX in front to make it work. This would be a welcome addition. |
This would also be needed in order to support TLS resumption (at all) for iOS as based on my tests, this platform does not send session tickets (neither Safari nor apps), and there is no obvious way to unable it from NSURLSession. |
java 13 implements RFC 5077 |
This is terrifying: it looks like there are FTP servers that use session reuse as an authentication method across control and data connections, and some of them don't support session tickets, so need session IDs. secsy/goftp#49 https://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html |
What version of Go are you using (
go version
)?go version go1.10 linux/amd64
Does this issue reproduce with the latest release?
Yes
What did you do?
Crypto/tls today only implements session ticket resumption described in RFC 5077. Per https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations#Extensions JSSE does not support session ticket resumption, so I'm looking for a way to speed up the TLS handshake between Golang and Java applications
https://tools.ietf.org/html/rfc5246 (The Transport Layer Security (TLS) Protocol Version 1.2) describes the session resumption, also useful to speed up the TLS handshake. It is implemented by OpenSSL and JSSE. Implementation should have a public interface similar to the OpenSSL's SSL_CTX_add_session() to inject the sessions in the server cache.
The text was updated successfully, but these errors were encountered: