mirror of
https://github.com/refraction-networking/utls.git
synced 2025-04-03 20:17:36 +03:00
5ca720fc5e
We used to inconsistently run certificate verification on the server on resumption, but not on the client. This made TLS 1.3 resumption pretty much useless, as it didn't save bytes, CPU, or round-trips. This requires serializing the verified chains into the session ticket, so it's a tradeoff making the ticket bigger to save computation (and for consistency). The previous behavior also had a "stickyness" issue: if a ticket contained invalid certificates, they would be used even if the client had in the meantime configured valid certificates for a full handshake. We also didn't check expiration on the client side on resumption if InsecureSkipVerify was set. Again for consistency, we do that now. Also, we used to run VerifyPeerCertificates on resumption even if NoClientCerts was set. Fixes #31641 Change-Id: Icc88269ea4adb544fa81158114aae76f3c91a15f Reviewed-on: https://go-review.googlesource.com/c/go/+/497895 Reviewed-by: Damien Neil <dneil@google.com> TryBot-Result: Gopher Robot <gobot@golang.org> Run-TryBot: Filippo Valsorda <filippo@golang.org> Reviewed-by: Roland Shoemaker <roland@golang.org> Auto-Submit: Filippo Valsorda <filippo@golang.org>
98 lines
7.3 KiB
Text
98 lines
7.3 KiB
Text
>>> Flow 1 (client to server)
|
|
00000000 16 03 01 00 ce 01 00 00 ca 03 03 9b 80 62 b8 bb |.............b..|
|
|
00000010 fc 09 cc 19 31 91 f7 4b 8a e8 fc 69 45 33 bd 64 |....1..K...iE3.d|
|
|
00000020 8c 88 6e 07 0d 33 e7 f2 ce 4b 46 20 81 23 01 a2 |..n..3...KF .#..|
|
|
00000030 64 c3 6d 55 ee 3c f1 c5 16 48 cb a7 61 fe 15 57 |d.mU.<...H..a..W|
|
|
00000040 fa 9e 36 f2 ad 5b 19 2e 73 b9 8f 57 00 04 13 01 |..6..[..s..W....|
|
|
00000050 00 ff 01 00 00 7d 00 0b 00 04 03 00 01 02 00 0a |.....}..........|
|
|
00000060 00 0c 00 0a 00 1d 00 17 00 1e 00 19 00 18 00 23 |...............#|
|
|
00000070 00 00 00 16 00 00 00 17 00 00 00 0d 00 1e 00 1c |................|
|
|
00000080 04 03 05 03 06 03 08 07 08 08 08 09 08 0a 08 0b |................|
|
|
00000090 08 04 08 05 08 06 04 01 05 01 06 01 00 2b 00 03 |.............+..|
|
|
000000a0 02 03 04 00 2d 00 02 01 01 00 33 00 26 00 24 00 |....-.....3.&.$.|
|
|
000000b0 1d 00 20 e2 26 c1 8e 1b 73 8a e1 ec 95 a0 01 1a |.. .&...s.......|
|
|
000000c0 15 98 9d a2 d0 ac 02 4d 14 a9 8d 42 3a 68 e6 d2 |.......M...B:h..|
|
|
000000d0 9f 09 49 |..I|
|
|
>>> Flow 2 (server to client)
|
|
00000000 16 03 03 00 7a 02 00 00 76 03 03 00 00 00 00 00 |....z...v.......|
|
|
00000010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
|
|
00000020 00 00 00 00 00 00 00 00 00 00 00 20 81 23 01 a2 |........... .#..|
|
|
00000030 64 c3 6d 55 ee 3c f1 c5 16 48 cb a7 61 fe 15 57 |d.mU.<...H..a..W|
|
|
00000040 fa 9e 36 f2 ad 5b 19 2e 73 b9 8f 57 13 01 00 00 |..6..[..s..W....|
|
|
00000050 2e 00 2b 00 02 03 04 00 33 00 24 00 1d 00 20 2f |..+.....3.$... /|
|
|
00000060 e5 7d a3 47 cd 62 43 15 28 da ac 5f bb 29 07 30 |.}.G.bC.(.._.).0|
|
|
00000070 ff f6 84 af c4 cf c2 ed 90 99 5f 58 cb 3b 74 14 |.........._X.;t.|
|
|
00000080 03 03 00 01 01 17 03 03 00 17 c9 df 69 cf ca 6d |............i..m|
|
|
00000090 b4 7b 81 46 34 f6 0c e3 5b 88 92 91 24 80 93 03 |.{.F4...[...$...|
|
|
000000a0 f8 17 03 03 02 6d b9 46 75 89 0d 64 9d 7b 9a 2a |.....m.Fu..d.{.*|
|
|
000000b0 48 78 eb 93 8d c8 4d 16 fb 7e 95 77 ff 06 d2 aa |Hx....M..~.w....|
|
|
000000c0 30 34 cc 9e 5a f3 c1 b6 d5 17 fb b2 15 bb eb 11 |04..Z...........|
|
|
000000d0 28 5a 2f 6b d6 87 8c c6 17 00 4d 58 d1 27 af 88 |(Z/k......MX.'..|
|
|
000000e0 39 1f db 2e 0a 5b 36 8f a1 26 a9 00 be ba 5a b2 |9....[6..&....Z.|
|
|
000000f0 65 fa 14 8a 53 3c 6a 9e b7 73 1f fa 80 fd 03 c2 |e...S<j..s......|
|
|
00000100 0e 53 27 25 42 fb 4a 75 9e 18 80 09 d0 b5 dc 37 |.S'%B.Ju.......7|
|
|
00000110 a7 d3 d6 9d a1 a0 4e bc 1a a6 c8 78 e4 b9 e2 02 |......N....x....|
|
|
00000120 00 2a 4a c9 e5 8d 5a e3 83 60 ae 74 11 06 33 93 |.*J...Z..`.t..3.|
|
|
00000130 5d ed 89 6c 17 6b a4 c4 45 06 d0 8d 64 9a 37 eb |]..l.k..E...d.7.|
|
|
00000140 34 22 1d 70 b0 96 74 8b ba 17 ad bb 42 fd c7 30 |4".p..t.....B..0|
|
|
00000150 16 6a cc dd a9 97 1d 0a 34 1e f9 52 3b e8 49 e7 |.j......4..R;.I.|
|
|
00000160 41 ab 8a fb 29 b7 22 93 c1 ea 92 29 45 a1 e5 46 |A...)."....)E..F|
|
|
00000170 92 98 30 5f 2e f1 90 f4 a0 cb b3 0a 64 16 be 4c |..0_........d..L|
|
|
00000180 18 2c 83 ef 7b 7b e8 74 6f cf 99 c3 47 37 fd c4 |.,..{{.to...G7..|
|
|
00000190 a7 57 ba 2b d2 69 01 71 47 37 ac bd 7d a3 d7 cf |.W.+.i.qG7..}...|
|
|
000001a0 ce e5 bc d3 75 f8 d3 d8 e7 b4 57 81 8d 92 05 04 |....u.....W.....|
|
|
000001b0 12 b1 76 d0 9a 5c d6 76 54 9a 99 03 19 ee 92 ff |..v..\.vT.......|
|
|
000001c0 8e 12 50 50 d5 cb 2c d4 df 0b 6b 43 54 59 39 17 |..PP..,...kCTY9.|
|
|
000001d0 0e 3c 6a 87 6c 34 3a ec fb 87 88 bc df aa fc 08 |.<j.l4:.........|
|
|
000001e0 80 c8 c7 b8 5d 6e dc f9 e3 d3 15 36 5e db 64 cb |....]n.....6^.d.|
|
|
000001f0 6d f5 09 87 3e f8 b8 7c e0 89 7c 9b ca 3d bf 68 |m...>..|..|..=.h|
|
|
00000200 de 8f 68 89 02 c5 67 5a ff 71 02 34 00 96 15 d4 |..h...gZ.q.4....|
|
|
00000210 01 6d 6d 31 dc 77 62 b8 3e 72 b0 ab 4d da ea 6d |.mm1.wb.>r..M..m|
|
|
00000220 9a 2d 0e 5d b7 8e cc bc 5c 0a b3 13 5b 8c 86 de |.-.]....\...[...|
|
|
00000230 e3 1a 70 cd 9d 63 4c ea e2 56 f9 3b 05 8e 0b 96 |..p..cL..V.;....|
|
|
00000240 16 c9 a4 67 09 fe 88 ae 4b 8c d1 b3 19 10 0f fd |...g....K.......|
|
|
00000250 07 33 86 3a 6a 54 ef 69 27 02 bf 76 7c 05 ab 40 |.3.:jT.i'..v|..@|
|
|
00000260 e6 43 9e 3c 9b ee 0c d8 14 ff c1 09 a6 73 65 66 |.C.<.........sef|
|
|
00000270 54 1f a9 9c af fb 73 c4 cb 8c a7 3b c7 23 d6 99 |T.....s....;.#..|
|
|
00000280 a7 c6 af a1 62 54 30 f7 18 30 23 7d c0 e6 d3 fe |....bT0..0#}....|
|
|
00000290 a0 58 f1 c5 5e 37 70 90 47 73 45 b0 70 a9 45 1c |.X..^7p.GsE.p.E.|
|
|
000002a0 87 9f 0d ed bc ee 65 c2 50 91 55 a3 f9 eb 71 e8 |......e.P.U...q.|
|
|
000002b0 5a ee b3 3f 79 75 3a c9 98 7d 57 fc 51 78 b5 e5 |Z..?yu:..}W.Qx..|
|
|
000002c0 33 90 f1 d0 74 86 1a 51 2b f4 89 1a 19 48 2d 68 |3...t..Q+....H-h|
|
|
000002d0 d0 7b be c1 bb 9e c7 3e af 4b 80 1c ab 8f a2 9d |.{.....>.K......|
|
|
000002e0 17 96 da 42 16 49 a6 74 35 07 9a 7d 89 80 4d d6 |...B.I.t5..}..M.|
|
|
000002f0 04 43 11 68 6b e4 87 32 33 43 82 b3 9e b0 03 eb |.C.hk..23C......|
|
|
00000300 b9 15 01 86 01 db ea e3 67 5b 7f 9c 0e 54 03 21 |........g[...T.!|
|
|
00000310 04 29 7e 17 03 03 00 99 21 c7 e4 ea 6e 27 82 c6 |.)~.....!...n'..|
|
|
00000320 15 6a 4d cd 8d c5 41 e5 1e aa 5c 8b b9 e8 ee 2a |.jM...A...\....*|
|
|
00000330 04 53 ee 39 3d a1 9b 53 ab f8 4a 97 95 69 53 ef |.S.9=..S..J..iS.|
|
|
00000340 9b a9 3a d5 d1 0c a6 e3 fb 7d 30 b1 00 45 43 58 |..:......}0..ECX|
|
|
00000350 51 65 1f 60 e7 f4 0a 6a f6 8a 06 60 9b 5b 60 31 |Qe.`...j...`.[`1|
|
|
00000360 d5 df 8b 28 1a c4 cb 39 5d a3 2b fb eb c8 07 14 |...(...9].+.....|
|
|
00000370 07 ee 02 11 7f 85 c9 78 d8 f5 c1 6b 70 c1 b3 c1 |.......x...kp...|
|
|
00000380 c0 a8 a0 08 ac d3 4e 39 ca 21 b0 e6 1d ea 97 58 |......N9.!.....X|
|
|
00000390 6a e0 ac ad 10 19 75 13 7e 35 5d c6 2c ad a1 a2 |j.....u.~5].,...|
|
|
000003a0 79 ac 33 ed 4d 77 41 29 6c e2 05 80 d7 7b 05 a4 |y.3.MwA)l....{..|
|
|
000003b0 03 17 03 03 00 35 4b 22 e9 78 9e b1 75 a9 cd 91 |.....5K".x..u...|
|
|
000003c0 c6 4d f1 e9 f2 a7 42 59 d5 c0 9e f3 9e 8f 7a 17 |.M....BY......z.|
|
|
000003d0 21 ba 01 5b d3 0f 91 52 63 12 d9 4f be 84 75 2e |!..[...Rc..O..u.|
|
|
000003e0 a2 46 a9 45 f5 d6 a1 60 a0 17 79 17 03 03 00 8b |.F.E...`..y.....|
|
|
000003f0 92 fc 11 26 97 33 82 f1 e4 62 5d 2a 56 3c d8 80 |...&.3...b]*V<..|
|
|
00000400 6b 6d ce f9 5f 43 2f 8e 24 0b 46 0b a5 5a 22 d5 |km.._C/.$.F..Z".|
|
|
00000410 ff 33 d7 e6 04 2e 37 5b 00 45 9d 8b 62 49 81 b1 |.3....7[.E..bI..|
|
|
00000420 97 ca d5 84 dd f9 7e 1a 7a a3 45 46 b9 db a7 d4 |......~.z.EF....|
|
|
00000430 07 3d 54 39 b1 de 54 16 bc d7 ba e7 b8 92 02 eb |.=T9..T.........|
|
|
00000440 0c 3c b1 48 40 53 68 f5 fc 0f 6a 64 67 fb 79 cd |.<.H@Sh...jdg.y.|
|
|
00000450 75 ed 65 7c 88 01 04 43 ed 00 44 68 c3 74 c1 bc |u.e|...C..Dh.t..|
|
|
00000460 63 4a cf e9 e5 20 21 0e da da 09 fd ac c6 1c 7a |cJ... !........z|
|
|
00000470 69 e4 90 fc e2 3b 12 df 3a 11 f4 |i....;..:..|
|
|
>>> Flow 3 (client to server)
|
|
00000000 14 03 03 00 01 01 17 03 03 00 35 0f c5 0c ac c4 |..........5.....|
|
|
00000010 a9 7e 32 56 fd 68 b8 86 66 8a 66 da 65 0a 5a ee |.~2V.h..f.f.e.Z.|
|
|
00000020 1a a5 11 ec 1c 42 28 2f 8e a3 98 49 80 a5 9e e3 |.....B(/...I....|
|
|
00000030 5f cf 51 93 44 b2 f2 e0 6e 58 ea c6 50 84 14 ef |_.Q.D...nX..P...|
|
|
>>> Flow 4 (server to client)
|
|
00000000 17 03 03 00 1e 3c 0f a4 3b d6 72 2e 40 dd 5d 79 |.....<..;.r.@.]y|
|
|
00000010 e4 57 25 46 95 76 98 6a 4f aa 75 b5 2f 40 67 2e |.W%F.v.jO.u./@g.|
|
|
00000020 ff ac 49 17 03 03 00 13 93 90 ac d8 14 54 32 66 |..I..........T2f|
|
|
00000030 fa af 38 24 7c 58 75 62 88 60 34 |..8$|Xub.`4|
|