crypto/tls: cleanup handshake state #39406
I checked the checkForResumption() function and found that SessionState and hs.suite will be rewritten even if the function returns false.
Fixes golang#39406

Using the checkForResumption() function can sometimes have side effects:

1. hs.sessionState will be changed and retained although the function returns false.
2. hs.suite will be changed and retained when the statements below return false.

So we should use a local variable, cilentSessionState, to replace hs.sessionState in the function. And move the set-suite statements down to avoid being changed too early.
Change https://golang.org/cl/245160 mentions this issue:
Updates golang#39406

The process of checking the server's cipher suites is now based on the following logical relationship: if the cipherSuite supports ECDHE, judge hs.ecdheOK, then judge ecSignOK and rsaSignOk to check the signer; if it does not, judge rsaOK. Then check whether the suite needs the TLS 1.2 version. This relationship is complicated, fragile and hard to modify. Besides, it needs 4 bool parameters in hs and a lot of "if...else" statements in the cipherSuiteOk() function.

So we can use one parameter, cipherSuite, to replace those 4 in hs. Then we just need two bit operations in cipherSuiteOK() instead of many "if...else"s. What we need to do is complete the const and cipherSuites list in cipher_suites.go (they are partially omitted based on the logical relationship, which is not plain at all).
Change https://golang.org/cl/246038 mentions this issue:
Change https://golang.org/cl/245837 mentions this issue:
Change https://golang.org/cl/246263 mentions this issue:
@FiloSottile, a couple of CLs were mailed during Go1.16 -- thanks @SparrowLii. However, we didn't land any of them during Go1.16, and thus I shall punt this issue to Go1.17. Please feel free to change priorities though as you please. Also kindly cc-ing @katiehockman @rolandshoemaker.
Is this still going to be done during 1.17? Thanks.
Since there was no response, I'm kicking this to the backlog to clean up the milestone. Please let me know if that's wrong. Thanks!
We should refactor where and when the hs and Conn state is accessed and modified during the handshake. For example checkForResumption should probably be side-effect free.
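
The side effect discussed in this issue and in the first CL description, as an added Go example that is not code from crypto/tls or from any of the CLs. The types, `checkLeaky` and `checkClean` are hypothetical simplifications, and the ticket values are constructed.

```go
package main

import "fmt"

// Hypothetical, simplified types; not the crypto/tls structures.
type sessionState struct{ vers, cipherSuite uint16 }

type handshakeState struct {
	clientVers   uint16
	offered      []uint16 // cipher suites offered by the client
	sessionState *sessionState
	suite        uint16
}

func offeredSuite(offered []uint16, id uint16) bool {
	for _, s := range offered {
		if s == id {
			return true
		}
	}
	return false
}

// checkLeaky writes to hs before every check has passed, so a rejected
// ticket still leaves its state behind in hs.
func checkLeaky(hs *handshakeState, ticket *sessionState) bool {
	hs.sessionState = ticket
	hs.suite = ticket.cipherSuite
	return ticket.vers == hs.clientVers && offeredSuite(hs.offered, hs.suite)
}

// checkClean validates a local candidate and commits to hs only on success.
func checkClean(hs *handshakeState, ticket *sessionState) bool {
	candidate := ticket
	if candidate.vers != hs.clientVers || !offeredSuite(hs.offered, candidate.cipherSuite) {
		return false
	}
	hs.sessionState, hs.suite = candidate, candidate.cipherSuite
	return true
}

func main() {
	stale := &sessionState{vers: 0x0302, cipherSuite: 0x002f} // constructed sample ticket
	a := &handshakeState{clientVers: 0x0303, offered: []uint16{0xc02f}}
	b := &handshakeState{clientVers: 0x0303, offered: []uint16{0xc02f}}
	fmt.Println(checkLeaky(a, stale), a.sessionState != nil, a.suite) // state retained after false
	fmt.Println(checkClean(b, stale), b.sessionState != nil, b.suite) // hs untouched after false
}
```

Any later handshake step that reads `hs.sessionState` or `hs.suite` after a rejected ticket sees the stale values in the first variant and the untouched zero values in the second.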