don't use TLS 1.3 compatibility mode when using alternative record layer

Compatibility mode consists of: * clients sending a legacy_session_id in the ClientHello * both endpoints sending change_cipher_spec record change_cipher_spec records are already filtered out by Conn.writeRecord(). This commit makes sure that the session_id is only set when no alternative record layer is used.
quic-go · Mar 18, 2023 · 73f8bcb · 73f8bcb
1 parent 9aac34b
commit 73f8bcb
Showing 1 changed file with 5 additions and 3 deletions.
diff --git a/handshake_client.go b/handshake_client.go
@@ -83,7 +83,6 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
 		vers:                         clientHelloVersion,
 		compressionMethods:           []uint8{compressionNone},
 		random:                       make([]byte, 32),
-		sessionId:                    make([]byte, 32),
 		ocspStapling:                 true,
 		scts:                         true,
 		serverName:                   hostnameInSNI(config.ServerName),
@@ -126,8 +125,11 @@ func (c *Conn) makeClientHello() (*clientHelloMsg, *ecdh.PrivateKey, error) {
 	// A random session ID is used to detect when the server accepted a ticket
 	// and is resuming a session (see RFC 5077). In TLS 1.3, it's always set as
 	// a compatibility measure (see RFC 8446, Section 4.1.2).
-	if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
-		return nil, nil, errors.New("tls: short read from Rand: " + err.Error())
+	if c.extraConfig == nil || c.extraConfig.AlternativeRecordLayer == nil {
+		hello.sessionId = make([]byte, 32)
+		if _, err := io.ReadFull(config.rand(), hello.sessionId); err != nil {
+			return nil, nil, errors.New("tls: short read from Rand: " + err.Error())
+		}
 	}
 
 	if hello.vers >= VersionTLS12 {