@@ -115,18 +115,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
115115 return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
116116 }
117117
118- // A random session ID is used to detect when the server accepted a ticket
119- // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
120- // a compatibility measure (see RFC 8446, Section 4.1.2).
121- //
122- // The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).
123- if c .quic == nil {
124- hello .sessionId = make ([]byte , 32 )
125- if _ , err := io .ReadFull (config .rand (), hello .sessionId ); err != nil {
126- return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
127- }
128- }
129-
130118 if maxVersion >= VersionTLS12 {
131119 hello .supportedSignatureAlgorithms = supportedSignatureAlgorithms ()
132120 }
@@ -235,6 +223,25 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
235223 }
236224 }
237225
226+ if c .quic == nil {
227+ // A random session ID is used to detect when the server accepted a ticket
228+ // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
229+ // a compatibility measure (see RFC 8446, Section 4.1.2).
230+ if config .SessionIDGenerator != nil {
231+ buffer , err := hello .marshal ()
232+ if err != nil {
233+ return nil , nil , nil , err
234+ }
235+ if err := config .SessionIDGenerator (buffer , hello .sessionId ); err != nil {
236+ return nil , nil , nil , errors .New ("tls: generate session id failed: " + err .Error ())
237+ }
238+ } else {
239+ if _ , err := io .ReadFull (config .rand (), hello .sessionId ); err != nil {
240+ return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
241+ }
242+ }
243+ }
244+
238245 return hello , keyShareKeys , ech , nil
239246}
240247
0 commit comments