Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
crypto/tls: make ClientSessionState serializable #25351
The ClientSessionCache interface passes ClientSessionState objects to the application to hold on to. Since these objects are opaque, they can only be held in memory, and they can't be saved or synchronized.
We should add a way to serialize and deserialize these objects, without making promises about their contents, but aiming for backwards compatibility if possible. Probably worth doing after 1.3 so that we skip that format change.
This can probably be just an implementation of
There isn't even a forward secrecy concern here because in 1.2 the tickets are sent in plaintext with the connection (sigh), and in 1.3 there's a DH round anyway.
I have a proposal here where some handshake data is stored and sequential numbers are retrieved and loaded with some reflection code: https://github.com/igarciaolaizola/resume-tls
@glerchundi If you asking about my proposal, I guess it has the same security problems as if someone could intercept the handshake messages and count the received and transmitted packages, but I am not a TLS expert. The code it's just a quick proof of concept.