
Commit d261f22

committed
Add TLS session id generator
1 parent 789a991 commit d261f22


2 files changed

+21
-12
lines changed


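--- a/internal/tls/common.go
+++ b/internal/tls/common.go
@@ -784,6 +784,8 @@ type Config struct {
 // used for debugging.
 KeyLogWriter io.Writer
 
+SessionIDGenerator func(clientHello []byte, sessionID []byte) error
+
 // EncryptedClientHelloConfigList is a serialized ECHConfigList. If
 // provided, clients will attempt to connect to servers using Encrypted
 // Client Hello (ECH) using one of the provided ECHConfigs. Servers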
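Review bot: The new exported field `SessionIDGenerator` has no doc comment, while every neighbouring `Config` field in this hunk does, so the callback's contract (what `clientHello` holds, whether the whole `sessionID` slice must be written, what an error does) is undocumented for callers. Based on the handshake_client.go hunk, a comment along these lines would fit: `// SessionIDGenerator, if non-nil, is called by the client with the marshaled ClientHello and the buffer to fill with the legacy session ID, replacing the random session ID; it must fill the entire buffer, and a returned error aborts the handshake.` Whether the callback may leave bytes unwritten is not decided by the visible code, so the comment should state the intended rule explicitly.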

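--- a/internal/tls/handshake_client.go
+++ b/internal/tls/handshake_client.go
@@ -115,18 +115,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
 return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
 }
 
-// A random session ID is used to detect when the server accepted a ticket
-// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
-// a compatibility measure (see RFC 8446, Section 4.1.2).
-//
-// The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).
-if c.quic == nil {
-hello.sessionId = make([]byte, 32)
-if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
-return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
-}
-}
-
 if maxVersion >= VersionTLS12 {
 hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
 }
@@ -235,6 +223,25 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
 }
 }
 
+if c.quic == nil {
+// A random session ID is used to detect when the server accepted a ticket
+// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
+// a compatibility measure (see RFC 8446, Section 4.1.2).
+if config.SessionIDGenerator != nil {
+buffer, err := hello.marshal()
+if err != nil {
+return nil, nil, nil, err
+}
+if err := config.SessionIDGenerator(buffer, hello.sessionId); err != nil {
+return nil, nil, nil, errors.New("tls: generate session id failed: " + err.Error())
+}
+} else {
+if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
+return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
+}
+}
+}
+
 return hello, keyShareKeys, ech, nil
 }
 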
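Review bot: The removed `hello.sessionId = make([]byte, 32)` has no counterpart in the new block, so unless the slice is allocated somewhere between the two hunks (not visible here, and `makeClientHello` starts before the first hunk), both branches operate on a nil slice: `io.ReadFull` on a zero-length buffer returns immediately with no error, the generator gets nothing to write into, and the ClientHello is sent with an empty legacy_session_id, silently losing the TLS 1.3 compatibility behaviour the comment above it describes. Adding `hello.sessionId = make([]byte, 32)` as the first line inside `if c.quic == nil {` restores the old allocation for both branches. Note also that `hello.marshal()` runs before the session ID is filled, so the generator sees a ClientHello whose session ID field is still empty, and if `marshal` caches its output the bytes later put on the wire could be stale; worth confirming against the marshal implementation. The dropped "not set for QUIC connections (see RFC 9001, Section 8.4)" line still explains the `c.quic == nil` guard and should be kept in the moved comment, and the `} else { if ... }` nesting reads more naturally as `} else if _, err := io.ReadFull(...); err != nil {`.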
