crypto/tls: avoid linkability across sessions by not reusing session tickets #60505
Description
What version of Go are you using (go version)?
$ go version go version go1.20.3 darwin/arm64
What operating system and processor architecture are you using (go env)?
go env Output
$ go env GO111MODULE="" GOARCH="arm64" GOBIN="" GOCACHE="/Users/marten/Library/Caches/go-build" GOENV="/Users/marten/Library/Application Support/go/env" GOEXE="" GOEXPERIMENT="" GOFLAGS="" GOHOSTARCH="arm64" GOHOSTOS="darwin" GOINSECURE="" GOMODCACHE="/Users/marten/src/go/pkg/mod" GONOPROXY="" GONOSUMDB="" GOOS="darwin" GOPATH="/Users/marten/src/go" GOPRIVATE="" GOPROXY="https://proxy.golang.org,direct" GOROOT="/Users/marten/bin/go1.20ex" GOSUMDB="sum.golang.org" GOTMPDIR="" GOTOOLDIR="/Users/marten/bin/go1.20ex/pkg/tool/darwin_arm64" GOVCS="" GOVERSION="go1.20.3" GCCGO="gccgo" AR="ar" CC="clang" CXX="clang++" CGO_ENABLED="1" GOMOD="/dev/null" GOWORK="" CGO_CFLAGS="-O2 -g" CGO_CPPFLAGS="" CGO_CXXFLAGS="-O2 -g" CGO_FFLAGS="-O2 -g" CGO_LDFLAGS="-O2 -g" PKG_CONFIG="pkg-config" GOGCCFLAGS="-fPIC -arch arm64 -pthread -fno-caret-diagnostics -Qunused-arguments -fmessage-length=0 -fdebug-prefix-map=/var/folders/q0/b5ynf00142l7bl9sp8y098zr0000gn/T/go-build2554136632=/tmp/go-build -gno-record-gcc-switches -fno-common"
Does this issue reproduce with the latest release?
Yes
What did you do?
I resumed multiple TLS session to the same server (without saving the session ticket issued on the first resumed connection).
What did you expect to see?
I expected the ticket to not be reused. RFC 8446 Appendix C.4 says:
Clients SHOULD NOT reuse a ticket for multiple connections. Reuse of a ticket allows passive observers to correlate different connections.
While it's just a SHOULD NOT and not a MUST NOT, is there any good reason to deviate from the advice given in the RFC?
What did you see instead?
Session tickets are only removed when the handshake fails or when either the server certificate or the session ticket has expired.