crypto/tls: enable TLS 1.3 and update tests

To disable TLS 1.3, simply remove VersionTLS13 from supportedVersions, as tested by TestEscapeRoute, and amend documentation. To make it opt-in, revert the change to (*Config).supportedVersions from this CL. I did not have the heart to implement the early data skipping feature when I realized that it did not offer a choice between two abstraction-breaking options, but demanded them both (look for handshake type in case of HelloRetryRequest, trial decryption otherwise). It's a lot of complexity for an apparently small gain, but if anyone has strong opinions about it let me know. Note that in TLS 1.3 alerts are encrypted, so the close_notify peeking to return (n > 0, io.EOF) from Read doesn't work. If we are lucky, those servers that unexpectedly close connections after serving a single request will have stopped (maybe thanks to H/2) before they got updated to TLS 1.3. Relatedly, session tickets are now provisioned on the client first Read instead of at Handshake time, because they are, well, post-handshake messages. If this proves to be a problem we might try to peek at them. Doubled the tests that cover logic that's different in TLS 1.3. The benchmarks for TLS 1.2 compared to be0f3c286b5 (before TLS 1.3 and its refactors, after CL 142817 changed them to use real connections) show little movement. name old time/op new time/op delta HandshakeServer/RSA-8 795µs ± 1% 798µs ± 1% ~ (p=0.057 n=10+18) HandshakeServer/ECDHE-P256-RSA-8 903µs ± 0% 909µs ± 1% +0.68% (p=0.000 n=8+17) HandshakeServer/ECDHE-P256-ECDSA-P256-8 198µs ± 0% 204µs ± 1% +3.24% (p=0.000 n=9+18) HandshakeServer/ECDHE-X25519-ECDSA-P256-8 202µs ± 3% 208µs ± 1% +2.98% (p=0.000 n=9+20) HandshakeServer/ECDHE-P521-ECDSA-P521-8 15.5ms ± 1% 15.9ms ± 2% +2.49% (p=0.000 n=10+20) Throughput/MaxPacket/1MB-8 5.81ms ±23% 6.14ms ±44% ~ (p=0.605 n=8+18) Throughput/MaxPacket/2MB-8 8.91ms ±22% 8.74ms ±33% ~ (p=0.498 n=9+19) Throughput/MaxPacket/4MB-8 12.8ms ± 3% 14.0ms ±10% +9.74% (p=0.000 n=10+17) Throughput/MaxPacket/8MB-8 25.1ms ± 7% 24.6ms ±16% ~ (p=0.129 n=9+19) Throughput/MaxPacket/16MB-8 46.3ms ± 4% 45.9ms ±12% ~ (p=0.340 n=9+20) Throughput/MaxPacket/32MB-8 88.5ms ± 4% 86.0ms ± 4% -2.82% (p=0.004 n=10+20) Throughput/MaxPacket/64MB-8 173ms ± 2% 167ms ± 7% -3.42% (p=0.001 n=10+19) Throughput/DynamicPacket/1MB-8 5.88ms ± 4% 6.59ms ±64% ~ (p=0.232 n=9+18) Throughput/DynamicPacket/2MB-8 9.08ms ±12% 8.73ms ±21% ~ (p=0.408 n=10+18) Throughput/DynamicPacket/4MB-8 14.2ms ± 5% 14.0ms ±11% ~ (p=0.188 n=9+19) Throughput/DynamicPacket/8MB-8 25.1ms ± 6% 24.0ms ± 7% -4.39% (p=0.000 n=10+18) Throughput/DynamicPacket/16MB-8 45.6ms ± 3% 43.3ms ± 1% -5.22% (p=0.000 n=10+8) Throughput/DynamicPacket/32MB-8 88.4ms ± 3% 84.8ms ± 2% -4.06% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 175ms ± 3% 167ms ± 2% -4.63% (p=0.000 n=10+10) Latency/MaxPacket/200kbps-8 694ms ± 0% 694ms ± 0% -0.02% (p=0.000 n=9+9) Latency/MaxPacket/500kbps-8 279ms ± 0% 279ms ± 0% -0.09% (p=0.000 n=10+10) Latency/MaxPacket/1000kbps-8 140ms ± 0% 140ms ± 0% -0.15% (p=0.000 n=10+9) Latency/MaxPacket/2000kbps-8 71.1ms ± 0% 71.0ms ± 0% -0.09% (p=0.001 n=8+9) Latency/MaxPacket/5000kbps-8 30.5ms ± 6% 30.1ms ± 6% ~ (p=0.905 n=10+9) Latency/DynamicPacket/200kbps-8 134ms ± 0% 134ms ± 0% ~ (p=0.796 n=9+9) Latency/DynamicPacket/500kbps-8 54.8ms ± 0% 54.7ms ± 0% -0.18% (p=0.000 n=8+10) Latency/DynamicPacket/1000kbps-8 28.5ms ± 0% 29.1ms ± 8% ~ (p=0.173 n=8+10) Latency/DynamicPacket/2000kbps-8 15.3ms ± 6% 15.9ms ±10% ~ (p=0.905 n=9+10) Latency/DynamicPacket/5000kbps-8 9.14ms ±21% 9.65ms ±82% ~ (p=0.529 n=10+10) name old speed new speed delta Throughput/MaxPacket/1MB-8 175MB/s ±13% 167MB/s ±64% ~ (p=0.646 n=7+20) Throughput/MaxPacket/2MB-8 241MB/s ±25% 241MB/s ±40% ~ (p=0.660 n=9+20) Throughput/MaxPacket/4MB-8 328MB/s ± 3% 300MB/s ± 9% -8.70% (p=0.000 n=10+17) Throughput/MaxPacket/8MB-8 335MB/s ± 7% 340MB/s ±17% ~ (p=0.212 n=9+20) Throughput/MaxPacket/16MB-8 363MB/s ± 4% 367MB/s ±11% ~ (p=0.340 n=9+20) Throughput/MaxPacket/32MB-8 379MB/s ± 4% 390MB/s ± 4% +2.93% (p=0.004 n=10+20) Throughput/MaxPacket/64MB-8 388MB/s ± 2% 401MB/s ± 7% +3.25% (p=0.004 n=10+20) Throughput/DynamicPacket/1MB-8 178MB/s ± 4% 157MB/s ±73% ~ (p=0.127 n=9+20) Throughput/DynamicPacket/2MB-8 232MB/s ±11% 243MB/s ±18% ~ (p=0.415 n=10+18) Throughput/DynamicPacket/4MB-8 296MB/s ± 5% 299MB/s ±15% ~ (p=0.295 n=9+20) Throughput/DynamicPacket/8MB-8 334MB/s ± 6% 350MB/s ± 7% +4.58% (p=0.000 n=10+18) Throughput/DynamicPacket/16MB-8 368MB/s ± 3% 388MB/s ± 1% +5.48% (p=0.000 n=10+8) Throughput/DynamicPacket/32MB-8 380MB/s ± 3% 396MB/s ± 2% +4.20% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 384MB/s ± 3% 403MB/s ± 2% +4.83% (p=0.000 n=10+10) Comparing TLS 1.2 and TLS 1.3 at tip shows a slight (~5-10%) slowdown of handshakes, which might be worth looking at next cycle, but the latency improvements are expected to overshadow that. name old time/op new time/op delta HandshakeServer/ECDHE-P256-RSA-8 909µs ± 1% 963µs ± 0% +5.87% (p=0.000 n=17+18) HandshakeServer/ECDHE-P256-ECDSA-P256-8 204µs ± 1% 225µs ± 2% +10.20% (p=0.000 n=18+20) HandshakeServer/ECDHE-X25519-ECDSA-P256-8 208µs ± 1% 230µs ± 2% +10.35% (p=0.000 n=20+18) HandshakeServer/ECDHE-P521-ECDSA-P521-8 15.9ms ± 2% 15.9ms ± 1% ~ (p=0.444 n=20+19) Throughput/MaxPacket/1MB-8 6.14ms ±44% 7.07ms ±46% ~ (p=0.057 n=18+19) Throughput/MaxPacket/2MB-8 8.74ms ±33% 8.61ms ± 9% ~ (p=0.552 n=19+17) Throughput/MaxPacket/4MB-8 14.0ms ±10% 14.1ms ±12% ~ (p=0.707 n=17+20) Throughput/MaxPacket/8MB-8 24.6ms ±16% 25.6ms ±14% ~ (p=0.107 n=19+20) Throughput/MaxPacket/16MB-8 45.9ms ±12% 44.7ms ± 6% ~ (p=0.607 n=20+19) Throughput/MaxPacket/32MB-8 86.0ms ± 4% 87.9ms ± 8% ~ (p=0.113 n=20+19) Throughput/MaxPacket/64MB-8 167ms ± 7% 169ms ± 2% +1.26% (p=0.011 n=19+19) Throughput/DynamicPacket/1MB-8 6.59ms ±64% 6.79ms ±43% ~ (p=0.480 n=18+19) Throughput/DynamicPacket/2MB-8 8.73ms ±21% 9.58ms ±13% +9.71% (p=0.006 n=18+20) Throughput/DynamicPacket/4MB-8 14.0ms ±11% 13.9ms ±10% ~ (p=0.687 n=19+20) Throughput/DynamicPacket/8MB-8 24.0ms ± 7% 24.6ms ± 8% +2.36% (p=0.045 n=18+17) Throughput/DynamicPacket/16MB-8 43.3ms ± 1% 44.3ms ± 2% +2.48% (p=0.001 n=8+9) Throughput/DynamicPacket/32MB-8 84.8ms ± 2% 86.7ms ± 2% +2.27% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 167ms ± 2% 170ms ± 3% +1.89% (p=0.005 n=10+10) Latency/MaxPacket/200kbps-8 694ms ± 0% 699ms ± 0% +0.65% (p=0.000 n=9+10) Latency/MaxPacket/500kbps-8 279ms ± 0% 280ms ± 0% +0.68% (p=0.000 n=10+10) Latency/MaxPacket/1000kbps-8 140ms ± 0% 141ms ± 0% +0.59% (p=0.000 n=9+9) Latency/MaxPacket/2000kbps-8 71.0ms ± 0% 71.3ms ± 0% +0.42% (p=0.000 n=9+9) Latency/MaxPacket/5000kbps-8 30.1ms ± 6% 30.7ms ±10% +1.93% (p=0.019 n=9+9) Latency/DynamicPacket/200kbps-8 134ms ± 0% 138ms ± 0% +3.22% (p=0.000 n=9+10) Latency/DynamicPacket/500kbps-8 54.7ms ± 0% 56.3ms ± 0% +3.03% (p=0.000 n=10+8) Latency/DynamicPacket/1000kbps-8 29.1ms ± 8% 29.1ms ± 0% ~ (p=0.173 n=10+8) Latency/DynamicPacket/2000kbps-8 15.9ms ±10% 16.4ms ±36% ~ (p=0.633 n=10+8) Latency/DynamicPacket/5000kbps-8 9.65ms ±82% 8.32ms ± 8% ~ (p=0.573 n=10+8) name old speed new speed delta Throughput/MaxPacket/1MB-8 167MB/s ±64% 155MB/s ±55% ~ (p=0.224 n=20+19) Throughput/MaxPacket/2MB-8 241MB/s ±40% 244MB/s ± 9% ~ (p=0.407 n=20+17) Throughput/MaxPacket/4MB-8 300MB/s ± 9% 298MB/s ±11% ~ (p=0.707 n=17+20) Throughput/MaxPacket/8MB-8 340MB/s ±17% 330MB/s ±13% ~ (p=0.201 n=20+20) Throughput/MaxPacket/16MB-8 367MB/s ±11% 375MB/s ± 5% ~ (p=0.607 n=20+19) Throughput/MaxPacket/32MB-8 390MB/s ± 4% 382MB/s ± 8% ~ (p=0.113 n=20+19) Throughput/MaxPacket/64MB-8 401MB/s ± 7% 397MB/s ± 2% -0.96% (p=0.030 n=20+19) Throughput/DynamicPacket/1MB-8 157MB/s ±73% 156MB/s ±39% ~ (p=0.738 n=20+20) Throughput/DynamicPacket/2MB-8 243MB/s ±18% 220MB/s ±14% -9.65% (p=0.006 n=18+20) Throughput/DynamicPacket/4MB-8 299MB/s ±15% 303MB/s ± 9% ~ (p=0.512 n=20+20) Throughput/DynamicPacket/8MB-8 350MB/s ± 7% 342MB/s ± 8% -2.27% (p=0.045 n=18+17) Throughput/DynamicPacket/16MB-8 388MB/s ± 1% 378MB/s ± 2% -2.41% (p=0.001 n=8+9) Throughput/DynamicPacket/32MB-8 396MB/s ± 2% 387MB/s ± 2% -2.21% (p=0.000 n=10+10) Throughput/DynamicPacket/64MB-8 403MB/s ± 2% 396MB/s ± 3% -1.84% (p=0.005 n=10+10) Fixes #9671 Change-Id: Ieb57c5140eb2c083b8be0d42b240cd2eeec0dcf6 Reviewed-on: https://go-review.googlesource.com/c/147638 Run-TryBot: Filippo Valsorda <filippo@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Adam Langley <agl@golang.org>
2025-04-03 20:17:36 +03:00 · 2018-11-05 22:52:51 -05:00 · 2018-11-05 22:52:51 -05:00 · 5db23cd389
commit 5db23cd389
parent 07b241c4b9
83 changed files with 3733 additions and 3281 deletions
--- a/testdata/Server-TLSv12-RSA-RSAPKCS1v15
+++ b/testdata/Server-TLSv12-RSA-RSAPKCS1v15
@ -1,7 +1,7 @@
 >>> Flow 1 (client to server)
-00000000  16 03 01 00 91 01 00 00  8d 03 03 ec 99 6a cd 52  |.............j.R|
-00000010  bd ce 27 73 64 a2 7e 60  3a 82 ab 1d e9 71 a2 ca  |..'sd.~`:....q..|
-00000020  a5 0e 55 d0 0b 37 3b c7  b1 85 2a 00 00 2a c0 30  |..U..7;...*..*.0|
+00000000  16 03 01 00 91 01 00 00  8d 03 03 c1 6b f6 4d 77  |............k.Mw|
+00000010  95 dc 8a 54 04 62 4a b4  dc e3 06 51 b8 88 4e 9f  |...T.bJ....Q..N.|
+00000020  9a f5 2b 87 82 51 df e9  54 c7 93 00 00 2a c0 30  |..+..Q..T....*.0|
 00000030  00 9f cc a8 cc aa c0 2f  00 9e c0 28 00 6b c0 27  |......./...(.k.'|
 00000040  00 67 c0 14 00 39 c0 13  00 33 00 9d 00 9c 00 3d  |.g...9...3.....=|
 00000050  00 3c 00 35 00 2f 00 ff  01 00 00 3a 00 00 00 0e  |.<.5./.....:....|
@ -12,7 +12,7 @@
 >>> Flow 2 (server to client)
 00000000  16 03 03 00 31 02 00 00  2d 03 03 00 00 00 00 00  |....1...-.......|
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000020  00 00 00 00 00 00 00 00  00 00 00 00 c0 30 00 00  |.............0..|
+00000020  00 00 00 44 4f 57 4e 47  52 44 01 00 c0 30 00 00  |...DOWNGRD...0..|
 00000030  05 ff 01 00 01 00 16 03  03 02 59 0b 00 02 55 00  |..........Y...U.|
 00000040  02 52 00 02 4f 30 82 02  4b 30 82 01 b4 a0 03 02  |.R..O0..K0......|
 00000050  01 02 02 09 00 e8 f0 9d  3f e2 5b ea a6 30 0d 06  |........?.[..0..|
@ -54,28 +54,28 @@
 00000290  3b e9 fa e7 16 03 03 00  ac 0c 00 00 a8 03 00 1d  |;...............|
 000002a0  20 2f e5 7d a3 47 cd 62  43 15 28 da ac 5f bb 29  | /.}.G.bC.(.._.)|
 000002b0  07 30 ff f6 84 af c4 cf  c2 ed 90 99 5f 58 cb 3b  |.0.........._X.;|
-000002c0  74 04 01 00 80 01 8b dc  db 2c 6b fd 9e 85 a4 9c  |t........,k.....|
-000002d0  3c 04 43 91 99 14 29 60  b8 4e d1 47 f0 df 98 7f  |<.C...)`.N.G....|
-000002e0  0f d6 3e 7b 2b f3 6a 2c  a0 20 da 51 75 a0 06 1c  |..>{+.j,. .Qu...|
-000002f0  40 8b 64 40 65 ab e9 83  f6 2c bf fd 94 ae 19 e3  |@.d@e....,......|
-00000300  29 ba fb 31 30 1c aa 28  94 de c2 62 96 74 d5 18  |)..10..(...b.t..|
-00000310  2e 31 bb 38 7b e3 60 69  ce ee c7 a6 25 d4 6d 70  |.1.8{.`i....%.mp|
-00000320  a6 2b 10 3b 70 89 86 01  ad 1b f5 e3 98 fa d9 06  |.+.;p...........|
-00000330  3f 84 28 87 16 60 c0 17  b9 35 21 81 03 a9 01 e5  |?.(..`...5!.....|
-00000340  6e 9c b6 a7 84 16 03 03  00 04 0e 00 00 00        |n.............|
+000002c0  74 04 01 00 80 15 c5 ee  da 37 f8 6d b8 9e 7c 68  |t........7.m..|h|
+000002d0  b2 08 2a 8d 79 6c 6e 95  4e b5 6f 8e 84 24 31 d4  |..*.yln.N.o..$1.|
+000002e0  e7 8c 6c 7e 9c 58 a4 fe  18 59 aa f7 0d 7d ff 7a  |..l~.X...Y...}.z|
+000002f0  f2 b0 eb b6 d3 4f fa 3f  36 0d 2e 43 8e d7 96 14  |.....O.?6..C....|
+00000300  99 a0 34 6a 51 cf 49 48  2f 6a 69 3b e4 ec 8b 61  |..4jQ.IH/ji;...a|
+00000310  a1 f4 ea 20 c5 72 90 b1  c6 54 75 42 4e f6 1f 12  |... .r...TuBN...|
+00000320  da e1 98 36 01 02 30 b4  75 7b 4f 4b f1 4f ac 20  |...6..0.u{OK.O. |
+00000330  ac c8 d2 0f 8f 2a 00 09  b8 2c ab 9e 5f b2 ce 25  |.....*...,.._..%|
+00000340  e3 a3 27 9d 53 16 03 03  00 04 0e 00 00 00        |..'.S.........|
 >>> Flow 3 (client to server)
-00000000  16 03 03 00 25 10 00 00  21 20 93 76 b8 62 b9 0d  |....%...! .v.b..|
-00000010  b5 d6 17 90 e7 b5 e8 36  af 02 2d b5 fd 91 0e 19  |.......6..-.....|
-00000020  1d 32 43 e9 8a 3f 04 e8  fa 01 14 03 03 00 01 01  |.2C..?..........|
-00000030  16 03 03 00 28 e4 b2 65  0e 2d 46 44 7c 28 95 4c  |....(..e.-FD|(.L|
-00000040  a6 51 39 ee 94 1a 86 45  e5 d8 60 dc 29 56 29 6e  |.Q9....E..`.)V)n|
-00000050  fb d7 70 a7 78 bd bb 8d  6d a7 5d ea 2c           |..p.x...m.].,|
+00000000  16 03 03 00 25 10 00 00  21 20 fe 11 76 84 dd 42  |....%...! ..v..B|
+00000010  d9 fd ad 50 81 7e 62 d4  38 cb b3 5d ec c8 5a 7a  |...P.~b.8..]..Zz|
+00000020  40 d9 10 23 2f e6 c7 a8  95 3b 14 03 03 00 01 01  |@..#/....;......|
+00000030  16 03 03 00 28 61 18 1a  65 0c 24 59 01 fe 28 fc  |....(a..e.$Y..(.|
+00000040  4f 7f d9 c5 6d b7 bf 9c  5c 8b dc 91 e7 48 40 72  |O...m...\....H@r|
+00000050  06 4d 49 a4 4d 32 e2 10  b9 36 a4 06 a6           |.MI.M2...6...|
 >>> Flow 4 (server to client)
 00000000  14 03 03 00 01 01 16 03  03 00 28 00 00 00 00 00  |..........(.....|
-00000010  00 00 00 a2 01 62 5a 8b  37 c9 c1 ad 3d 6e 45 ad  |.....bZ.7...=nE.|
-00000020  2b f9 08 52 b5 63 6f c7  17 3f ba d3 de fb f6 86  |+..R.co..?......|
-00000030  81 25 c6 17 03 03 00 25  00 00 00 00 00 00 00 01  |.%.....%........|
-00000040  35 89 b4 04 49 6d ad 78  04 59 60 a8 5e 7e fe 6f  |5...Im.x.Y`.^~.o|
-00000050  6a 76 20 0a 75 1d f0 b1  e9 50 0f 3a af 15 03 03  |jv .u....P.:....|
-00000060  00 1a 00 00 00 00 00 00  00 02 dc 6c be a6 a8 23  |...........l...#|
-00000070  62 30 51 66 d3 b9 f4 a7  da 4d b2 76              |b0Qf.....M.v|
+00000010  00 00 00 6c 7b 84 e6 84  d3 31 8e 6a 3e e7 7e f2  |...l{....1.j>.~.|
+00000020  94 16 6c 6f 01 a9 2d f7  de 5d 94 b2 9c 4b f0 51  |..lo..-..]...K.Q|
+00000030  70 9e 3c 17 03 03 00 25  00 00 00 00 00 00 00 01  |p.<....%........|
+00000040  94 ca c5 e7 58 20 7d 3b  74 9d e0 97 a2 dd 63 ab  |....X };t.....c.|
+00000050  33 08 2f 16 69 59 ba 0e  82 52 75 98 eb 15 03 03  |3./.iY...Ru.....|
+00000060  00 1a 00 00 00 00 00 00  00 02 fc 38 72 72 09 6a  |...........8rr.j|
+00000070  ee c0 61 39 50 71 ad d3  ec a9 d1 0e              |..a9Pq......|