Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Send handshake messages in as few records as possible, send multiple new session tickets #287

Merged
merged 6 commits into from Jan 18, 2019
Merged

Send handshake messages in as few records as possible, send multiple new session tickets #287

merged 6 commits into from Jan 18, 2019

Conversation

tomato42
Copy link
Member

@tomato42 tomato42 commented Jul 3, 2018
edited

support for sending multiple messages of the same type in single record,
coalesce the server encrypted flight and session tickets, when
there are multiple to be sent

add support for sending multiple session tickets

rework key derivation for session tickets to prevent IV collisions

fixes #286

This change is Reviewable

@tomato42 tomato42 added the enhancement new feature to be implemented label Jul 3, 2018
@tomato42 tomato42 added this to the v0.8.0 milestone Jul 3, 2018
@tomato42 tomato42 self-assigned this Jul 3, 2018
@tomato42 tomato42 added this to To do in TLS 1.3 support via automation Jul 3, 2018
@tomato42 tomato42 moved this from To do to In progress in TLS 1.3 support Jul 3, 2018
@tomato42 tomato42 changed the title [WIP] send handshake messages in few records [WIP] send handshake messages in as few records as possible Jul 3, 2018
nmav
nmav reviewed Jul 4, 2018
View reviewed changes
tlslite/tlsconnection.py Outdated Show resolved Hide resolved
@nmav
Copy link
Collaborator

nmav commented Jul 4, 2018

Thank you, I can verify that I can test https://gitlab.com/gnutls/gnutls/issues/511 using this PR.

nmav
nmav previously approved these changes Jul 4, 2018
View reviewed changes
Copy link
Collaborator

@nmav nmav left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@tomato42
Copy link
Member Author

@nmav the amount of tickets sent is now configurable using a command line argument, the default is still two

a single NewSessionTicket message from tlslite-ng is 174B long, so the configuration needs to request at least 95 tickets to fill a full record, the upside is that 2^14 % 174 is 28, so the NST will be fragmented if so many get requested

nmav
nmav previously approved these changes Jul 26, 2018
View reviewed changes
@tomato42 tomato42 requested a review from nmav January 10, 2019 16:23
@tomato42
Copy link
Member Author

@nmav finally found some time to update it, could you take a second look?

@tomato42 tomato42 changed the title [WIP] send handshake messages in as few records as possible Send handshake messages in as few records as possible Jan 15, 2019
@tomato42 tomato42 added the review request PR finished, ready for review label Jan 15, 2019
@tomato42 tomato42 changed the title Send handshake messages in as few records as possible Send handshake messages in as few records as possible, send multiple new session tickets Jan 15, 2019
@tomato42
send handshake messages in few records
8b4430c 
support for sending multiple messages of the same time in single record,
coalesce the server encrypted flight and session ticket
@tomato42
support sending multiple tickets to client
a5a81fd
@tomato42
allow for setting the number of sent tickets in tls.py
bbb2198
@tomato42
do proper derivation for ticket encryption keys
8eafa3b 
to reduce probability of key and IV collision, they need to be derived
from a common secret; use TLS 1.3-like derivation mechanism to do that
@tomato42
update documentation related to ticket handling
ff1178f
@tomato42 tomato42 requested a review from ueno January 18, 2019 13:26
simo5
simo5 previously approved these changes Jan 18, 2019
View reviewed changes
Copy link
Collaborator

@simo5 simo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may make sense to add a comment that tell with the value "2" was chosen, but otherwise LGTM

@tomato42 tomato42 merged commit 049ae5a into master Jan 18, 2019
TLS 1.3 support automation moved this from In progress to Done Jan 18, 2019
@tomato42 tomato42 deleted the multiple-tickets branch January 18, 2019 16:34
@tomato42 tomato42 mentioned this pull request Aug 31, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@simo5 simo5 simo5 left review comments

@nmav nmav Awaiting requested review from nmav

@ueno ueno Awaiting requested review from ueno

Assignees

@tomato42 tomato42

Labels
enhancement new feature to be implemented review request PR finished, ready for review
Projects
TLS 1.3 support
  
Done
Milestone
v0.8.0
Development

Successfully merging this pull request may close these issues.

sending multiple NewSessionTickets
3 participants
@tomato42 @nmav @simo5