Add TLS session id generator

This commit is contained in:
世界 2024-11-17 15:41:12 +08:00
parent 789a9918a5
commit b28a0ef94f
No known key found for this signature in database
GPG key ID: CD109927C34A63C4
2 changed files with 22 additions and 12 deletions


@ -784,6 +784,8 @@ type Config struct {
// used for debugging.
KeyLogWriter io.Writer
SessionIDGenerator func(clientHello []byte, sessionID []byte) error
// EncryptedClientHelloConfigList is a serialized ECHConfigList. If
// provided, clients will attempt to connect to servers using Encrypted
// Client Hello (ECH) using one of the provided ECHConfigs. Servers
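Review bot: The new exported field SessionIDGenerator carries no doc comment, while every neighbouring Config field states its contract, so a caller cannot tell who fills what or when it runs. From the handshake_client.go hunk it is only consulted on the client side when c.quic is nil, replaces the Rand-sourced value, and gets a 32-byte slice to write into; the doc should also say that the session ID and the clientHello bytes both travel unencrypted on the wire, so the callback must not place anything secret there. I would add `// SessionIDGenerator, if non-nil, fills the 32-byte ClientHello session ID in place instead of reading it from Rand.` followed by `// clientHello is the marshaled ClientHello as it stands when called; both values are sent in cleartext.` and `// It is not used for QUIC connections.`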


@ -115,18 +115,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
}
// A random session ID is used to detect when the server accepted a ticket
// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
// a compatibility measure (see RFC 8446, Section 4.1.2).
//
// The session ID is not set for QUIC connections (see RFC 9001, Section 8.4).
if c.quic == nil {
hello.sessionId = make([]byte, 32)
if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
}
}
if maxVersion >= VersionTLS12 {
hello.supportedSignatureAlgorithms = supportedSignatureAlgorithms()
}
@ -235,6 +223,26 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *keySharePrivateKeys, *echCon
}
}
if c.quic == nil {
// A random session ID is used to detect when the server accepted a ticket
// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
// a compatibility measure (see RFC 8446, Section 4.1.2).
hello.sessionId = make([]byte, 32)
if config.SessionIDGenerator != nil {
buffer, err := hello.marshal()
if err != nil {
return nil, nil, nil, err
}
if err := config.SessionIDGenerator(buffer, hello.sessionId); err != nil {
return nil, nil, nil, errors.New("tls: generate session id failed: " + err.Error())
}
} else {
if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
return nil, nil, nil, errors.New("tls: short read from Rand: " + err.Error())
}
}
}
return hello, keyShareKeys, ech, nil
}
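Review bot: The buffer handed to config.SessionIDGenerator is produced by hello.marshal() while hello.sessionId is still the all-zero slice allocated on the line above, and nothing afterwards checks that the callback wrote all 32 bytes, so a generator that fills fewer bytes (or none) silently leaves a partly zeroed session ID and sees a snapshot that never matches the ClientHello that goes out. At minimum the call site should document this, e.g. `// Snapshot taken with sessionId still zeroed and before any later PSK binders or ECH encoding; the callback must fill all 32 bytes.`; a cheap sanity check such as comparing len(hello.sessionId) with 32 after the call would also catch a callback that reslices rather than fills. I cannot tell from the hunk whether marshal() memoizes its encoding on this message type; if it does, this early call would freeze the hello before the session ID is written, which is worth confirming. makeClientHello starts outside the hunk; the same ordering concern applies to the block removed in the first hunk of this file, which the commit moved here.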