crypto/tls: enable TLS 1.3 and update tests

To disable TLS 1.3, simply remove VersionTLS13 from supportedVersions, as tested by TestEscapeRoute, and amend documentation. To make it opt-in, revert the change to (*Config).supportedVersions from this CL. I did not have the heart to implement the early data skipping feature when I realized that it did not offer a choice between two abstraction-breaking options, but demanded them both (look for handshake type in case of HelloRetryRequest, trial decryption otherwise). It's a lot of complexity for an apparently small gain, but if anyone has strong opinions about it let me know. Note that in TLS 1.3 alerts are encrypted, so the close_notify peeking to return (n > 0, io.EOF) from Read doesn't work. If we are lucky, those servers that unexpectedly close connections after serving a single request will have stopped (maybe thanks to H/2) before they got updated to TLS 1.3. Relatedly, session tickets are now provisioned on the client first Read instead of at Handshake time, because they are, well, post-handshake messages. If this proves to be a problem we might try to peek at them. Doubled the tests that cover logic that's different in TLS 1.3. The benchmarks for TLS 1.2 compared to be0f3c286b5 (before TLS 1.3 and its refactors, after CL 142817 changed them to use real connections) show little movement. name old time/op new time/op delta HandshakeServer/RSA-8 795µs ± 1% 798µs ± 1% ~ (p=0.057 n=10+18) HandshakeServer/ECDHE-P256-RSA-8 903µs ± 0% 909µs ± 1% +0.68% (p=0.000 n=8+17) HandshakeServer/ECDHE-P256-ECDSA-P256-8 198µs ± 0% 204µs ± 1% +3.24% (p=0.000 n=9+18) HandshakeServer/ECDHE-X25519-ECDSA-P256-8 202µs ± 3% 208µs ± 1% +2.98% (p=0.000 n=9+20) HandshakeServer/ECDHE-P521-ECDSA-P521-8 15.5ms ± 1% 15.9ms ± 2% +2.49% (p=0.000 n=10+20) Throughput/MaxPacket/1MB-8 5.81ms ±23% 6.14ms ±44% ~ (p=0.605 n=8+18) Throughput/MaxPacket/2MB-8 8.91ms ±22% 8.74ms ±33% ~ (p=0.498 n=9+19) Throughput/MaxPacket/4MB-8 12.8ms ± 3% 14.0ms ±10% +9.74% (p=0.000 n=10+17) Throughput/MaxPacket/8MB-8 25.1ms ± 7% 24.6ms ±16% ~ (p=0.129 n=9+19) Throughput/MaxPacket/16MB-8 46.3ms ± 4% 45.9ms ±12% ~ (p=0.340 n=9+20) Throughput/MaxPacket/32MB-8 88.5ms ± 4% 86.0ms ± 4% -2.82% (p=0.004 n=10+20) Throughput/MaxPacket/64MB-8 173ms ± 2% 167ms ± 7% -3.42% (p=0.001 n=10+19) Throughput/DynamicPacket/1MB-8 5.88ms ± 4% 6.59ms ±64% ~ (p=0.232 n=9+18) Throughput/DynamicPacket/2MB-8 9.08ms ±12% 8.73ms ±21% ~ (p=0.408 n=10+18) Throughput/DynamicPacket/4MB-8 14.2ms ± 5% 14.0ms ±11% ~ (p=0.188 n=9+19) Throughput/DynamicPacket/8MB-8 25.1ms ± 6% 24.0ms ± 7% -4.39% (p=0.000 n=10+18) Throughput/DynamicPacket/16MB-8 45.6ms ± 3% 43.3ms ± 1% -5.22% (p=0.000 n=10+8) Throughput/DynamicPacket/32MB-8 88.4ms ± 3% 84.8ms ± 2% -4.06% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 175ms ± 3% 167ms ± 2% -4.63% (p=0.000 n=10+10) Latency/MaxPacket/200kbps-8 694ms ± 0% 694ms ± 0% -0.02% (p=0.000 n=9+9) Latency/MaxPacket/500kbps-8 279ms ± 0% 279ms ± 0% -0.09% (p=0.000 n=10+10) Latency/MaxPacket/1000kbps-8 140ms ± 0% 140ms ± 0% -0.15% (p=0.000 n=10+9) Latency/MaxPacket/2000kbps-8 71.1ms ± 0% 71.0ms ± 0% -0.09% (p=0.001 n=8+9) Latency/MaxPacket/5000kbps-8 30.5ms ± 6% 30.1ms ± 6% ~ (p=0.905 n=10+9) Latency/DynamicPacket/200kbps-8 134ms ± 0% 134ms ± 0% ~ (p=0.796 n=9+9) Latency/DynamicPacket/500kbps-8 54.8ms ± 0% 54.7ms ± 0% -0.18% (p=0.000 n=8+10) Latency/DynamicPacket/1000kbps-8 28.5ms ± 0% 29.1ms ± 8% ~ (p=0.173 n=8+10) Latency/DynamicPacket/2000kbps-8 15.3ms ± 6% 15.9ms ±10% ~ (p=0.905 n=9+10) Latency/DynamicPacket/5000kbps-8 9.14ms ±21% 9.65ms ±82% ~ (p=0.529 n=10+10) name old speed new speed delta Throughput/MaxPacket/1MB-8 175MB/s ±13% 167MB/s ±64% ~ (p=0.646 n=7+20) Throughput/MaxPacket/2MB-8 241MB/s ±25% 241MB/s ±40% ~ (p=0.660 n=9+20) Throughput/MaxPacket/4MB-8 328MB/s ± 3% 300MB/s ± 9% -8.70% (p=0.000 n=10+17) Throughput/MaxPacket/8MB-8 335MB/s ± 7% 340MB/s ±17% ~ (p=0.212 n=9+20) Throughput/MaxPacket/16MB-8 363MB/s ± 4% 367MB/s ±11% ~ (p=0.340 n=9+20) Throughput/MaxPacket/32MB-8 379MB/s ± 4% 390MB/s ± 4% +2.93% (p=0.004 n=10+20) Throughput/MaxPacket/64MB-8 388MB/s ± 2% 401MB/s ± 7% +3.25% (p=0.004 n=10+20) Throughput/DynamicPacket/1MB-8 178MB/s ± 4% 157MB/s ±73% ~ (p=0.127 n=9+20) Throughput/DynamicPacket/2MB-8 232MB/s ±11% 243MB/s ±18% ~ (p=0.415 n=10+18) Throughput/DynamicPacket/4MB-8 296MB/s ± 5% 299MB/s ±15% ~ (p=0.295 n=9+20) Throughput/DynamicPacket/8MB-8 334MB/s ± 6% 350MB/s ± 7% +4.58% (p=0.000 n=10+18) Throughput/DynamicPacket/16MB-8 368MB/s ± 3% 388MB/s ± 1% +5.48% (p=0.000 n=10+8) Throughput/DynamicPacket/32MB-8 380MB/s ± 3% 396MB/s ± 2% +4.20% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 384MB/s ± 3% 403MB/s ± 2% +4.83% (p=0.000 n=10+10) Comparing TLS 1.2 and TLS 1.3 at tip shows a slight (~5-10%) slowdown of handshakes, which might be worth looking at next cycle, but the latency improvements are expected to overshadow that. name old time/op new time/op delta HandshakeServer/ECDHE-P256-RSA-8 909µs ± 1% 963µs ± 0% +5.87% (p=0.000 n=17+18) HandshakeServer/ECDHE-P256-ECDSA-P256-8 204µs ± 1% 225µs ± 2% +10.20% (p=0.000 n=18+20) HandshakeServer/ECDHE-X25519-ECDSA-P256-8 208µs ± 1% 230µs ± 2% +10.35% (p=0.000 n=20+18) HandshakeServer/ECDHE-P521-ECDSA-P521-8 15.9ms ± 2% 15.9ms ± 1% ~ (p=0.444 n=20+19) Throughput/MaxPacket/1MB-8 6.14ms ±44% 7.07ms ±46% ~ (p=0.057 n=18+19) Throughput/MaxPacket/2MB-8 8.74ms ±33% 8.61ms ± 9% ~ (p=0.552 n=19+17) Throughput/MaxPacket/4MB-8 14.0ms ±10% 14.1ms ±12% ~ (p=0.707 n=17+20) Throughput/MaxPacket/8MB-8 24.6ms ±16% 25.6ms ±14% ~ (p=0.107 n=19+20) Throughput/MaxPacket/16MB-8 45.9ms ±12% 44.7ms ± 6% ~ (p=0.607 n=20+19) Throughput/MaxPacket/32MB-8 86.0ms ± 4% 87.9ms ± 8% ~ (p=0.113 n=20+19) Throughput/MaxPacket/64MB-8 167ms ± 7% 169ms ± 2% +1.26% (p=0.011 n=19+19) Throughput/DynamicPacket/1MB-8 6.59ms ±64% 6.79ms ±43% ~ (p=0.480 n=18+19) Throughput/DynamicPacket/2MB-8 8.73ms ±21% 9.58ms ±13% +9.71% (p=0.006 n=18+20) Throughput/DynamicPacket/4MB-8 14.0ms ±11% 13.9ms ±10% ~ (p=0.687 n=19+20) Throughput/DynamicPacket/8MB-8 24.0ms ± 7% 24.6ms ± 8% +2.36% (p=0.045 n=18+17) Throughput/DynamicPacket/16MB-8 43.3ms ± 1% 44.3ms ± 2% +2.48% (p=0.001 n=8+9) Throughput/DynamicPacket/32MB-8 84.8ms ± 2% 86.7ms ± 2% +2.27% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 167ms ± 2% 170ms ± 3% +1.89% (p=0.005 n=10+10) Latency/MaxPacket/200kbps-8 694ms ± 0% 699ms ± 0% +0.65% (p=0.000 n=9+10) Latency/MaxPacket/500kbps-8 279ms ± 0% 280ms ± 0% +0.68% (p=0.000 n=10+10) Latency/MaxPacket/1000kbps-8 140ms ± 0% 141ms ± 0% +0.59% (p=0.000 n=9+9) Latency/MaxPacket/2000kbps-8 71.0ms ± 0% 71.3ms ± 0% +0.42% (p=0.000 n=9+9) Latency/MaxPacket/5000kbps-8 30.1ms ± 6% 30.7ms ±10% +1.93% (p=0.019 n=9+9) Latency/DynamicPacket/200kbps-8 134ms ± 0% 138ms ± 0% +3.22% (p=0.000 n=9+10) Latency/DynamicPacket/500kbps-8 54.7ms ± 0% 56.3ms ± 0% +3.03% (p=0.000 n=10+8) Latency/DynamicPacket/1000kbps-8 29.1ms ± 8% 29.1ms ± 0% ~ (p=0.173 n=10+8) Latency/DynamicPacket/2000kbps-8 15.9ms ±10% 16.4ms ±36% ~ (p=0.633 n=10+8) Latency/DynamicPacket/5000kbps-8 9.65ms ±82% 8.32ms ± 8% ~ (p=0.573 n=10+8) name old speed new speed delta Throughput/MaxPacket/1MB-8 167MB/s ±64% 155MB/s ±55% ~ (p=0.224 n=20+19) Throughput/MaxPacket/2MB-8 241MB/s ±40% 244MB/s ± 9% ~ (p=0.407 n=20+17) Throughput/MaxPacket/4MB-8 300MB/s ± 9% 298MB/s ±11% ~ (p=0.707 n=17+20) Throughput/MaxPacket/8MB-8 340MB/s ±17% 330MB/s ±13% ~ (p=0.201 n=20+20) Throughput/MaxPacket/16MB-8 367MB/s ±11% 375MB/s ± 5% ~ (p=0.607 n=20+19) Throughput/MaxPacket/32MB-8 390MB/s ± 4% 382MB/s ± 8% ~ (p=0.113 n=20+19) Throughput/MaxPacket/64MB-8 401MB/s ± 7% 397MB/s ± 2% -0.96% (p=0.030 n=20+19) Throughput/DynamicPacket/1MB-8 157MB/s ±73% 156MB/s ±39% ~ (p=0.738 n=20+20) Throughput/DynamicPacket/2MB-8 243MB/s ±18% 220MB/s ±14% -9.65% (p=0.006 n=18+20) Throughput/DynamicPacket/4MB-8 299MB/s ±15% 303MB/s ± 9% ~ (p=0.512 n=20+20) Throughput/DynamicPacket/8MB-8 350MB/s ± 7% 342MB/s ± 8% -2.27% (p=0.045 n=18+17) Throughput/DynamicPacket/16MB-8 388MB/s ± 1% 378MB/s ± 2% -2.41% (p=0.001 n=8+9) Throughput/DynamicPacket/32MB-8 396MB/s ± 2% 387MB/s ± 2% -2.21% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 403MB/s ± 2% 396MB/s ± 3% -1.84% (p=0.005 n=10+10) Fixes #9671 Change-Id: Ieb57c5140eb2c083b8be0d42b240cd2eeec0dcf6 Reviewed-on: https://go-review.googlesource.com/c/147638 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2018-11-05 22:52:51 -05:00 · 2018-11-05 22:52:51 -05:00 · 5db23cd389
commit 5db23cd389
parent 07b241c4b9
83 changed files with 3733 additions and 3281 deletions
--- a/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
+++ b/testdata/Server-TLSv12-RSA-AES256-GCM-SHA384
@ -1,16 +1,18 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 73 01 00 00  6f 03 03 7c 43 b4 7c 36  |....s...o..|C.|6|
-00000010  56 e5 d4 47 83 a7 ae 17  cb 5e 7d 5f b7 ef 41 dd  |V..G.....^}_..A.|
-00000020  63 d3 e6 a0 62 f7 af 91  25 75 15 00 00 04 c0 30  |c...b...%u.....0|
-00000030  00 ff 01 00 00 42 00 0b  00 04 03 00 01 02 00 0a  |.....B..........|
-00000040  00 0a 00 08 00 1d 00 17  00 19 00 18 00 0d 00 20  |............... |
-00000050  00 1e 06 01 06 02 06 03  05 01 05 02 05 03 04 01  |................|
-00000060  04 02 04 03 03 01 03 02  03 03 02 01 02 02 02 03  |................|
-00000070  00 16 00 00 00 17 00 00                           |........|
+00000000  16 03 01 00 97 01 00 00  93 03 03 39 40 da f7 9f  |...........9@...|
+00000010  e9 66 91 25 2a d0 74 e1  71 4b 74 ff 47 41 5e f4  |.f.%*.t.qKt.GA^.|
+00000020  d2 71 d0 3e 96 8e 8e 31  ee 81 8b 00 00 04 c0 30  |.q.>...1.......0|
+00000030  00 ff 01 00 00 66 00 00  00 0e 00 0c 00 00 09 31  |.....f.........1|
+00000040  32 37 2e 30 2e 30 2e 31  00 0b 00 04 03 00 01 02  |27.0.0.1........|
+00000050  00 0a 00 0c 00 0a 00 1d  00 17 00 1e 00 19 00 18  |................|
+00000060  00 16 00 00 00 17 00 00  00 0d 00 30 00 2e 04 03  |...........0....|
+00000070  05 03 06 03 08 07 08 08  08 09 08 0a 08 0b 08 04  |................|
+00000080  08 05 08 06 04 01 05 01  06 01 03 03 02 03 03 01  |................|
+00000090  02 01 03 02 02 02 04 02  05 02 06 02              |............|
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@ -52,28 +54,28 @@
 00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
 000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
 000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 06 01 00 80 8b b6 3e  52 d2 87 bf 9f 82 6d 0e  |t......>R.....m.|
-000002d0  8f de 69 34 58 71 9e 36  46 35 7e 73 ad f0 ee 30  |..i4Xq.6F5~s...0|
-000002e0  0c 95 dc cc 28 ce 9b ee  e6 44 3d ab ab 60 13 7c  |....(....D=..`.||
-000002f0  3d 37 2d d0 36 95 04 74  df 5a a5 ef 9b 68 7c 58  |=7-.6..t.Z...h|X|
-00000300  b4 22 e9 5d 15 aa 18 cc  fc 8d 35 f4 ad aa dc 0d  |.".]......5.....|
-00000310  86 b6 e5 ac e3 8f ea c7  63 c6 a5 1e 2a 7e e2 9b  |........c...*~..|
-00000320  05 33 81 04 d4 87 ad 15  2d 7f 91 fd ca 85 a8 cb  |.3......-.......|
-00000330  66 56 e3 7a 4a 90 8c dc  7d 8f d0 af 6e 5e 88 7b  |fV.zJ...}...n^.{|
-00000340  34 2e 2f a0 2e 16 03 03  00 04 0e 00 00 00        |4./...........|
+000002c0  74 08 04 00 80 67 b9 f4  b4 4e 00 7c 40 80 f1 77  |t....g...N.|@..w|
+000002d0  2e 09 f6 04 17 bb ab f6  e1 13 03 b3 b6 71 22 0b  |.............q".|
+000002e0  38 49 98 65 54 db 3b e0  71 17 2a f3 d4 2a 0d 7e  |8I.eT.;.q.*..*.~|
+000002f0  af 56 37 ea a9 1e df 45  24 fd 90 ad 5e 3c aa 2e  |.V7....E$...^<..|
+00000300  98 74 b5 dc b5 22 0e 77  70 66 2f 6e d7 49 f6 a1  |.t...".wpf/n.I..|
+00000310  93 c9 0a ce 45 2b 55 bb  02 a3 b1 1d 5f 45 08 cd  |....E+U....._E..|
+00000320  4d 34 9e ef 27 f2 f0 af  a8 bd 14 60 45 df b4 54  |M4..'......`E..T|
+00000330  2c 6f c8 c8 dc f1 07 9a  e8 f3 f3 40 1d 29 39 9e  |,o.........@.)9.|
+00000340  a0 28 3a 19 de 16 03 03  00 04 0e 00 00 00        |.(:...........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 a5 ce 37 03 eb 08  |....%...! ..7...|
-00000010  67 8e 6b f8 37 b6 f8 cd  c6 62 59 c1 8f 46 22 0d  |g.k.7....bY..F".|
-00000020  d8 e1 85 2e 26 dc 40 d3  f0 60 14 03 03 00 01 01  |....&.@..`......|
-00000030  16 03 03 00 28 7d cf e0  cb 63 b3 22 fb b2 94 82  |....(}...c."....|
-00000040  a7 1e 8d 71 15 a8 ba 14  b6 4b 67 37 f9 78 c4 33  |...q.....Kg7.x.3|
-00000050  1b 7d 6c 8b 56 8f 85 d1  3e d3 9c 9f 95           |.}l.V...>....|
+00000000  16 03 03 00 25 10 00 00  21 20 73 eb 70 45 10 e4  |....%...! s.pE..|
+00000010  a7 a6 35 b2 51 59 1e 6d  65 9a 0e d4 5a c2 39 13  |..5.QY.me...Z.9.|
+00000020  81 83 41 f8 60 0c 6b 0e  7f 4c 14 03 03 00 01 01  |..A.`.k..L......|
+00000030  16 03 03 00 28 44 ed a7  2b dc 7a 00 b5 26 bd 56  |....(D..+.z..&.V|
+00000040  0d b7 47 f3 2c d8 b7 c5  f6 21 3a e6 1f b8 fd 3a  |..G.,....!:....:|
+00000050  f8 44 65 0d 6e fd b8 32  cf dd f5 25 ce           |.De.n..2...%.|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 3e cd 20 97 7b  b3 2c 24 f2 cc ac 70 a4  |...>. .{.,$...p.|
-00000020  4f f5 db 05 51 52 a8 ff  6e 01 98 c3 ec c7 2c 97  |O...QR..n.....,.|
-00000030  6f f9 2c 17 03 03 00 25  00 00 00 00 00 00 00 01  |o.,....%........|
-00000040  67 b8 c3 d5 7e 02 18 6f  b8 db 10 5c 28 29 3d f6  |g...~..o...\()=.|
-00000050  d0 69 a1 4f e8 a4 ce 22  81 65 10 7e d1 15 03 03  |.i.O...".e.~....|
-00000060  00 1a 00 00 00 00 00 00  00 02 b0 df 28 f8 b8 f2  |............(...|
-00000070  32 43 c3 d0 01 55 8f 47  c1 52 8d e3              |2C...U.G.R..|
+00000010  00 00 00 cb e9 44 b4 25  7e a5 9d ed 8e 8b 5c 4c  |.....D.%~.....\L|
+00000020  b9 c4 85 5b 9b 03 02 34  2c 61 40 fe 4a 84 9d 42  |...[...4,a@.J..B|
+00000030  67 67 53 17 03 03 00 25  00 00 00 00 00 00 00 01  |ggS....%........|
+00000040  ec a1 21 b6 85 61 d1 35  71 50 c1 6d 4d 32 81 3f  |..!..a.5qP.mM2.?|
+00000050  24 38 1d 8a 45 f7 9e 14  3b be e9 ec 37 15 03 03  |$8..E...;...7...|
+00000060  00 1a 00 00 00 00 00 00  00 02 f7 76 a1 1b bb 55  |...........v...U|
+00000070  aa 1d 10 c2 07 61 b3 0d  54 2d 6b e4              |.....a..T-k.|