@@ -115,18 +115,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
115
115
return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
116
116
}
117
117
118
- // A random session ID is used to detect when the server accepted a ticket
119
- // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
120
- // a compatibility measure (see RFC 8446, Section 4.1.2).
121
- //
122
- // The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).
123
- if c .quic == nil {
124
- hello .sessionId = make ([]byte , 32 )
125
- if _ , err := io .ReadFull (config .rand (), hello .sessionId ); err != nil {
126
- return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
127
- }
128
- }
129
-
130
118
if maxVersion >= VersionTLS12 {
131
119
hello .supportedSignatureAlgorithms = supportedSignatureAlgorithms ()
132
120
}
@@ -235,6 +223,25 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
235
223
}
236
224
}
237
225
226
+ if c .quic == nil {
227
+ // A random session ID is used to detect when the server accepted a ticket
228
+ // and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
229
+ // a compatibility measure (see RFC 8446, Section 4.1.2).
230
+ if config .SessionIDGenerator != nil {
231
+ buffer , err := hello .marshal ()
232
+ if err != nil {
233
+ return nil , nil , nil , err
234
+ }
235
+ if err := config .SessionIDGenerator (buffer , hello .sessionId ); err != nil {
236
+ return nil , nil , nil , errors .New ("tls: generate session id failed: " + err .Error ())
237
+ }
238
+ } else {
239
+ if _ , err := io .ReadFull (config .rand (), hello .sessionId ); err != nil {
240
+ return nil , nil , nil , errors .New ("tls: short read from Rand: " + err .Error ())
241
+ }
242
+ }
243
+ }
244
+
238
245
return hello , keyShareKeys , ech , nil
239
246
}
240
247
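Review bot: In the second hunk `hello.sessionId` is handed to `config.SessionIDGenerator` and to `io.ReadFull` without the `make([]byte, 32)` that the first hunk removes. Unless the slice is allocated in the part of makeClientHello outside these hunks, `io.ReadFull` on a nil slice reads zero bytes and returns no error, so the ClientHello would carry an empty session ID and lose the RFC 8446 Section 4.1.2 compatibility value, and the generator would have no buffer to fill. Restoring `hello.sessionId = make([]byte, 32)` as the first statement inside `if c.quic == nil {` keeps both branches working on a 32-byte buffer. The moved comment also drops the sentence about QUIC (RFC 9001, Section 8.4) and says nothing about the new callback; I would keep `// The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).` above the `if` and add a line stating that the generator receives the ClientHello marshalled before the ID is filled in and must write all 32 bytes in place. makeClientHello begins outside both hunks, so the allocation point is inferred from the visible lines only.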