@@ -115,18 +115,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
115115 return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
116116 }
117117
118- // A random session ID is used to detect when the server accepted a ticket
119- // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
120- // a compatibility measure (see RFC 8446, Section 4.1.2).
121- //
122- // The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).
123- if c .quic == nil {
124- hello .sessionId = make ([]byte , 32 )
125- if _ , err := io .ReadFull (config .rand (), hello .sessionId ); err != nil {
126- return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
127- }
128- }
129-
130118 if maxVersion >= VersionTLS12 {
131119 hello .supportedSignatureAlgorithms = supportedSignatureAlgorithms ()
132120 }
@@ -235,6 +223,26 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
235223 }
236224 }
237225
226+ if c .quic == nil {
227+ // A random session ID is used to detect when the server accepted a ticket
228+ // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
229+ // a compatibility measure (see RFC 8446, Section 4.1.2).
230+ hello .sessionId = make ([]byte , 32 )
231+ if config .SessionIDGenerator != nil {
232+ buffer , err := hello .marshal ()
233+ if err != nil {
234+ return nil , nil , nil , err
235+ }
236+ if err := config .SessionIDGenerator (buffer , hello .sessionId ); err != nil {
237+ return nil , nil , nil , errors .New ("tls: generate session id failed: " + err .Error ())
238+ }
239+ } else {
240+ if _ , err := io .ReadFull (config .rand (), hello .sessionId ); err != nil {
241+ return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
242+ }
243+ }
244+ }
245+
238246 return hello , keyShareKeys , ech , nil
239247}
240248
0 commit comments