
crypto/tls: Large session tickets in Go 1.21 can cause Windows Schannel clients to be unable to connect #63763

@printfn

Description


What version of Go are you using (go version)?

$ go version
go version go1.21.3 linux/amd64

Does this issue reproduce with the latest release?

Yes.

What operating system and processor architecture are you using (go env)?

go env Output
$ go env
GO111MODULE=''
GOARCH='amd64'
GOBIN=''
GOCACHE='/home/user/.cache/go-build'
GOENV='/home/user/.config/go/env'
GOEXE=''
GOEXPERIMENT=''
GOFLAGS=''
GOHOSTARCH='amd64'
GOHOSTOS='linux'
GOINSECURE=''
GOMODCACHE='/home/user/go/pkg/mod'
GONOPROXY=''
GONOSUMDB=''
GOOS='linux'
GOPATH='/home/user/go'
GOPRIVATE=''
GOPROXY='https://proxy.golang.org,direct'
GOROOT='/usr/local/go'
GOSUMDB='sum.golang.org'
GOTMPDIR=''
GOTOOLCHAIN='auto'
GOTOOLDIR='/usr/local/go/pkg/tool/linux_amd64'
GOVCS=''
GOVERSION='go1.21.3'
GCCGO='gccgo'
GOAMD64='v1'
AR='ar'
CC='gcc'
CXX='g++'
CGO_ENABLED='1'
GOMOD='/home/user/golang-tls-session-ticket-bug/go.mod'
GOWORK=''
CGO_CFLAGS='-O2 -g'
CGO_CPPFLAGS=''
CGO_CXXFLAGS='-O2 -g'
CGO_FFLAGS='-O2 -g'
CGO_LDFLAGS='-O2 -g'
PKG_CONFIG='pkg-config'
GOGCCFLAGS='-fPIC -m64 -pthread -Wl,--no-gc-sections -fmessage-length=0 -ffile-prefix-map=/tmp/go-build2373417620=/tmp/go-build -gno-record-gcc-switches'

What did you do?

See https://github.com/printfn/golang-tls-session-ticket-bug for a minimal example and reproduction steps.

In Go 1.21, client TLS certificates are included in session tickets by default. When the client cert chain is very long (or the certificate is otherwise very large), the session ticket grows as well, eventually preventing Windows Schannel clients from being able to connect.

Changing the WrapTicket implementation to return a shorter session ticket (e.g. return []byte{0}, nil) works around the issue.

This bug happens on the current latest version of Windows 11 (22H2, build 22621.2428). It worked fine on Go 1.20 and earlier, but is broken as of Go 1.21.0. It's worth noting that the Golang TLS client is still able to connect.

Metadata


Assignees

No one assigned

Labels

NeedsInvestigation (Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.), OS-Windows, Security
