crypto/tls: session resumption fails with a cloned tls.Config #60506
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes, reproduced with tip.
What operating system and processor architecture are you using (
go env
)?go env
OutputWhat did you do?
I take a (potentially user-provided)
tls.Config
, clone it and start the first TLS server. I then connect to this server with a TLS client and obtain a session ticket.I then start a second server using a clone of the same
Config
under the same IP and port, and have the TLS client connect to it.This is exactly what a 0-RTT enabled QUIC stack needs to do to support 0-RTT resumption: every incoming QUIC connection needs to use a clone of the original
tls.Config
. This is because it needs to wrap the user-providedWrapSession
andUnwrapSession
callback on thetls.Config
(see here for the corresponding code in quic-go).What did you expect to see?
I expected session resumption to succeed.
What did you see instead?
The client uses the ticket obtained from the first connection, but session resumption fails. This is because the session ticket keys on the
tls.Config
are lazily initialized.I currently work around this by explicitly calling
tls.Config.DecryptTicket
with an arbitrary value for the ticket, since this triggers initialization of the session ticket keys. A cleaner way would be to initialize session ticket keys onClone
(potentially restricted to configs that can be used for the server, i.e. haveCertificates
orGetCertificate
configured for performance reasons).cc @FiloSottile
The text was updated successfully, but these errors were encountered: