mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-04 12:37:35 +03:00
crypto/tls: add support for session ticket key rotation
This change adds a new method to tls.Config, SetSessionTicketKeys, that changes the key used to encrypt session tickets while the server is running. Additional keys may be provided that will be used to maintain continuity while rotating keys. If a ticket encrypted with an old key is provided by the client, the server will resume the session and provide the client with a ticket encrypted using the new key. Fixes #9994 Change-Id: Idbc16b10ff39616109a51ed39a6fa208faad5b4e Reviewed-on: https://go-review.googlesource.com/9072 Reviewed-by: Jonathan Rudenberg <jonathan@titanous.com> Reviewed-by: Adam Langley <agl@golang.org>
parent
cf04082452
commit
7576470d56
10 changed files with 367 additions and 242 deletions
69
testdata/Server-TLSv12-IssueTicketPreDisable
vendored
69
testdata/Server-TLSv12-IssueTicketPreDisable
vendored
|
@ -1,11 +1,11 @@
|
|||
>>> Flow 1 (client to server)
|
||||
00000000 16 03 01 00 60 01 00 00 5c 03 03 54 23 54 02 17 |....`...\..T#T..|
|
||||
00000010 f3 53 13 3d 48 88 c3 19 b9 d1 3d 33 7f f5 99 56 |.S.=H.....=3...V|
|
||||
00000020 04 71 1b d9 d5 64 8a 0d 4a 54 00 00 00 04 00 05 |.q...d..JT......|
|
||||
00000030 00 ff 01 00 00 2f 00 23 00 00 00 0d 00 22 00 20 |...../.#.....". |
|
||||
00000040 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 |................|
|
||||
00000050 04 03 03 01 03 02 03 03 02 01 02 02 02 03 01 01 |................|
|
||||
00000060 00 0f 00 01 01 |.....|
|
||||
00000000 16 03 01 00 5f 01 00 00 5b 03 03 be c5 99 df f1 |...._...[.......|
|
||||
00000010 cc c8 fd d9 4c c5 09 18 5f 59 9a 78 47 ef 00 d5 |....L..._Y.xG...|
|
||||
00000020 81 45 3e ac a0 a5 ee d6 d0 8c d8 00 00 04 00 05 |.E>.............|
|
||||
00000030 00 ff 02 01 00 00 2d 00 23 00 00 00 0d 00 20 00 |......-.#..... .|
|
||||
00000040 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 |................|
|
||||
00000050 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 |................|
|
||||
00000060 0f 00 01 01 |....|
|
||||
>>> Flow 2 (server to client)
|
||||
00000000 16 03 03 00 35 02 00 00 31 03 03 00 00 00 00 00 |....5...1.......|
|
||||
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
|
||||
|
@ -57,31 +57,32 @@
|
|||
000002f0 71 99 9b 26 6e 38 50 29 6c 90 a7 bd d9 16 03 03 |q..&n8P)l.......|
|
||||
00000300 00 04 0e 00 00 00 |......|
|
||||
>>> Flow 3 (client to server)
|
||||
00000000 16 03 03 00 86 10 00 00 82 00 80 27 e9 a4 f7 e7 |...........'....|
|
||||
00000010 df 25 de 84 8c 1f d6 e6 c3 11 28 55 9a c1 91 37 |.%........(U...7|
|
||||
00000020 84 f5 ba f8 80 0d ca 50 cb 1e 72 f7 97 6f c2 b2 |.......P..r..o..|
|
||||
00000030 04 4d 13 7c e0 6e a0 1f 91 e1 38 1b a2 c0 55 16 |.M.|.n....8...U.|
|
||||
00000040 7f 29 fc ed 1c 1a cf 72 14 c3 00 c1 dd 36 36 af |.).....r.....66.|
|
||||
00000050 a6 e4 a8 be ba ec 13 d0 1e d0 1d fd e1 5b 27 fd |.............['.|
|
||||
00000060 9a da 2e 12 c8 b0 b9 c2 b9 76 ec 7f 3c 98 b6 63 |.........v..<..c|
|
||||
00000070 bc da f0 07 7a 3d e7 61 f4 2f 12 80 3b f9 3b cc |....z=.a./..;.;.|
|
||||
00000080 05 c8 2f 7e 28 b2 73 bf 97 61 29 14 03 03 00 01 |../~(.s..a).....|
|
||||
00000090 01 16 03 03 00 24 17 59 a9 45 53 46 33 96 50 dd |.....$.Y.ESF3.P.|
|
||||
000000a0 3e 23 aa 91 38 f8 56 4a 2f 1a f2 b1 44 9b ce 17 |>#..8.VJ/...D...|
|
||||
000000b0 6b 8a 89 76 bc 67 b8 8b ba 90 |k..v.g....|
|
||||
00000000 16 03 03 00 86 10 00 00 82 00 80 59 1f 86 2f cd |...........Y../.|
|
||||
00000010 b9 8f 0d e8 f9 3a 5b a8 73 2f 33 8b c6 ef 5e e2 |.....:[.s/3...^.|
|
||||
00000020 78 93 fa 40 b7 b4 cb e7 3e 35 15 33 24 1d 63 5d |x..@....>5.3$.c]|
|
||||
00000030 dc 8d 45 94 3f 19 ed e0 3a f3 4e 44 62 1d ff ea |..E.?...:.NDb...|
|
||||
00000040 d6 e4 01 b0 26 c5 36 34 78 d1 e6 62 27 62 f0 29 |....&.64x..b'b.)|
|
||||
00000050 fd 7d 13 af 59 0a 41 fa 78 42 7d 0d d8 07 79 23 |.}..Y.A.xB}...y#|
|
||||
00000060 5e 4e cd 03 b1 3c bb 6d fb 19 54 49 f1 c7 d7 54 |^N...<.m..TI...T|
|
||||
00000070 3e af 11 40 8b 7e 3d 2c 8b e3 02 ad fd 29 88 48 |>..@.~=,.....).H|
|
||||
00000080 b1 ed 52 74 50 a7 ef 99 9f af bd 14 03 03 00 01 |..RtP...........|
|
||||
00000090 01 16 03 03 00 24 f3 c1 8c ee e7 4d 07 80 c4 c3 |.....$.....M....|
|
||||
000000a0 09 87 85 cd 64 46 73 c7 17 4e 9e 90 4c 63 30 35 |....dFs..N..Lc05|
|
||||
000000b0 52 f5 10 f6 60 75 fc 93 41 57 |R...`u..AW|
|
||||
>>> Flow 4 (server to client)
|
||||
00000000 16 03 03 00 72 04 00 00 6e 00 00 00 00 00 68 00 |....r...n.....h.|
|
||||
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 65 |...............e|
|
||||
00000020 ea 4b d1 ef ba 2d db 0c ba 9a d4 20 76 57 c8 ec |.K...-..... vW..|
|
||||
00000030 dc 2d 77 fb fb 3b 93 5f 53 e0 14 4f 90 fb d6 55 |.-w..;._S..O...U|
|
||||
00000040 57 8c 8d 0d 25 ea 5d 0d f2 91 e5 12 22 12 ec 7b |W...%.]....."..{|
|
||||
00000050 5f b6 6e fd 07 59 23 24 fc b1 97 ca ea 56 a5 c2 |_.n..Y#$.....V..|
|
||||
00000060 a0 e4 9e 99 64 f2 64 d0 75 7a 46 63 e3 dc 21 ed |....d.d.uzFc..!.|
|
||||
00000070 78 56 e9 e1 ab 66 80 14 03 03 00 01 01 16 03 03 |xV...f..........|
|
||||
00000080 00 24 fc 14 68 07 17 1f df b7 84 cb fd c1 e0 e4 |.$..h...........|
|
||||
00000090 f2 1a ea 34 b5 00 7f 70 be c8 1c 0a d6 55 e3 57 |...4...p.....U.W|
|
||||
000000a0 50 4e 6d 7d 8a 5d 17 03 03 00 21 24 27 50 40 c1 |PNm}.]....!$'P@.|
|
||||
000000b0 c5 bd c7 9f 95 d9 ba 2e 7b 0e db ea a7 31 81 05 |........{....1..|
|
||||
000000c0 75 43 b1 63 cf b8 55 92 ef 76 98 a9 15 03 03 00 |uC.c..U..v......|
|
||||
000000d0 16 d7 ea 3c 79 e7 a6 2f 61 39 ec 4e 95 86 48 5e |...<y../a9.N..H^|
|
||||
000000e0 75 a0 9e 41 42 89 67 |u..AB.g|
|
||||
00000000 16 03 03 00 82 04 00 00 7e 00 00 00 00 00 78 50 |........~.....xP|
|
||||
00000010 46 ad c1 db a8 38 86 7b 2b bb fd d0 c3 42 3e 00 |F....8.{+....B>.|
|
||||
00000020 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 94 |................|
|
||||
00000030 6f 2c b5 83 61 98 30 ec c6 53 ac a0 2a a9 72 53 |o,..a.0..S..*.rS|
|
||||
00000040 64 7c c5 d5 db 0a 80 d0 1e ea 59 c8 b8 60 ff b9 |d|........Y..`..|
|
||||
00000050 3d 06 68 16 cd 60 3b 15 e9 59 c1 a2 18 76 c2 1f |=.h..`;..Y...v..|
|
||||
00000060 fd 77 00 e6 38 33 94 98 69 cb 23 4a 61 d7 fe 1a |.w..83..i.#Ja...|
|
||||
00000070 e7 3a 57 b1 78 c7 c0 d1 03 bb 83 69 72 b9 25 c3 |.:W.x......ir.%.|
|
||||
00000080 2f f7 56 2e 95 6f 88 14 03 03 00 01 01 16 03 03 |/.V..o..........|
|
||||
00000090 00 24 a6 8c 15 5c ae a0 8c 03 cc d2 2c 45 aa 7a |.$...\......,E.z|
|
||||
000000a0 1d 1a ed 58 f4 92 a2 0d b0 a4 81 90 e3 a6 0b 09 |...X............|
|
||||
000000b0 8f f2 1b 61 c7 f7 17 03 03 00 21 cf 8f 7a 50 bc |...a......!..zP.|
|
||||
000000c0 a9 b6 d2 88 24 21 0b ef 5c e5 1c 34 4a d9 b6 b5 |....$!..\..4J...|
|
||||
000000d0 88 c6 14 8c 79 96 c5 0c 31 22 f8 7d 15 03 03 00 |....y...1".}....|
|
||||
000000e0 16 e7 69 82 9d e6 54 2d f9 6d 04 a9 5b 3e bc f9 |..i...T-.m..[>..|
|
||||
000000f0 4e 1a 07 04 7a 56 50 |N...zVP|
|
||||
|
|