mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 03:57:36 +03:00
Fork of the Go standard TLS library, providing low-level access to the ClientHello for mimicry purposes.
anticensorshipcipher-suitesclienthellocryptogolanghandshakelow-level-tlsobfuscationparrottlstls-extension
5ca720fc5e
We used to inconsistently run certificate verification on the server on resumption, but not on the client. This made TLS 1.3 resumption pretty much useless, as it didn't save bytes, CPU, or round-trips. This requires serializing the verified chains into the session ticket, so it's a tradeoff making the ticket bigger to save computation (and for consistency). The previous behavior also had a "stickyness" issue: if a ticket contained invalid certificates, they would be used even if the client had in the meantime configured valid certificates for a full handshake. We also didn't check expiration on the client side on resumption if InsecureSkipVerify was set. Again for consistency, we do that now. Also, we used to run VerifyPeerCertificates on resumption even if NoClientCerts was set. Fixes #31641 Change-Id: Icc88269ea4adb544fa81158114aae76f3c91a15f Reviewed-on: https://go-review.googlesource.com/c/go/+/497895 Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org> |
||
|---|---|---|
| fipsonly | ||
| testdata | ||
| alert.go | ||
| auth.go | ||
| auth_test.go | ||
| boring.go | ||
| boring_test.go | ||
| cache.go | ||
| cache_test.go | ||
| cipher_suites.go | ||
| common.go | ||
| common_string.go | ||
| conn.go | ||
| conn_test.go | ||
| example_test.go | ||
| generate_cert.go | ||
| handshake_client.go | ||
| handshake_client_test.go | ||
| handshake_client_tls13.go | ||
| handshake_messages.go | ||
| handshake_messages_test.go | ||
| handshake_server.go | ||
| handshake_server_test.go | ||
| handshake_server_tls13.go | ||
| handshake_test.go | ||
| handshake_unix_test.go | ||
| key_agreement.go | ||
| key_schedule.go | ||
| key_schedule_test.go | ||
| link_test.go | ||
| notboring.go | ||
| prf.go | ||
| prf_test.go | ||
| quic.go | ||
| quic_test.go | ||
| ticket.go | ||
| tls.go | ||
| tls_test.go | ||