forked from cloudflare/cfssl
-
Notifications
You must be signed in to change notification settings - Fork 0
/
tls_session.go
44 lines (38 loc) · 1.13 KB
/
tls_session.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
package scan
import "github.com/cloudflare/cf-tls/tls"
// TLSSession contains tests of host TLS Session Resumption via
// Session Tickets and Session IDs
var TLSSession = &Family{
Description: "Scans host's implementation of TLS session resumption using session tickets/session IDs",
Scanners: map[string]*Scanner{
"SessionResume": {
"Host is able to resume sessions across all addresses",
sessionResumeScan,
},
},
}
// SessionResumeScan tests that host is able to resume sessions across all addresses.
func sessionResumeScan(host string) (grade Grade, output Output, err error) {
config := defaultTLSConfig(host)
config.ClientSessionCache = tls.NewLRUClientSessionCache(1)
conn, err := tls.DialWithDialer(Dialer, Network, host, config)
if err != nil {
return
}
if err = conn.Close(); err != nil {
return
}
return multiscan(host, func(addrport string) (g Grade, o Output, e error) {
g = Good
conn, e1 := tls.DialWithDialer(Dialer, Network, addrport, config)
if e1 != nil {
return
}
conn.Close()
o = conn.ConnectionState().DidResume
if !conn.ConnectionState().DidResume {
grade = Bad
}
return
})
}