TLS session tickets #1430

Merged
merged 13 commits into from
Aug 7, 2020

@vankoven vankoven commented Jul 9, 2020

fix #1054

Not all requirements from 1054 are fulfilled yet. But the ticket subsystem works well under heavy load.

Basic tests can be done using:

openssl s_client -connect 192.168.122.12:443 -debug  -tls1_2  -reconnect -state -msg -tlsextdebug -security_debug_verbose

and the https://github.com/vincentbernat/rfc5077/blob/master/rfc5077-client.c tool

Still in todo:

  • handshake limits
  • NewTicketMessage is sent separately from ChangeCipherSpec and Finished. The same applies to ServerHello and ChangeCipherSpec and Finished during abbreviated handshake. Need to send them in one TCP frame.
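
One way to turn the `openssl s_client -reconnect` test above into a pass/fail check is to count the `New,` and `Reused,` status lines it prints. This is an added example, not code from this pull request; the function names and the sample output are constructed, and it assumes TLS 1.2 output as selected by `-tls1_2`.

```shell
#!/bin/sh
# Added example (not project code). Real use: pipe the s_client command from
# the comment above into the function, e.g.
#   openssl s_client ... -reconnect </dev/null 2>&1 | summarise_resumption

# Reads s_client output on stdin and prints "new=<n> reused=<n> ticket=<yes|no>".
# Returns 0 only if at least one reconnect was resumed AND a ticket was issued:
# a "Reused" line alone can also come from a server-side session-ID cache.
summarise_resumption() {
    awk '
        /^New, /              { new++ }
        /^Reused, /           { reused++ }
        /TLS session ticket:/ { ticket = "yes" }
        END {
            if (ticket == "") ticket = "no"
            printf "new=%d reused=%d ticket=%s\n", new, reused, ticket
            exit !(reused > 0 && ticket == "yes")
        }'
}

# Constructed sample, shaped like s_client output for one full handshake
# followed by two resumed reconnects (ticket bytes and cipher are made up).
sample_output() {
    cat <<'EOF'
New, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
SSL-Session:
    Protocol  : TLSv1.2
    TLS session ticket lifetime hint: 300 (seconds)
    TLS session ticket:
    0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f   ................
drop connection and then reconnect
Reused, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
drop connection and then reconnect
Reused, TLSv1.2, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
EOF
}

sample_output | summarise_resumption
```
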

Although RFC 5077 claims that RFC 4507 encoding is wrong and doesn't
fit current implementations, debugging tools like curl or wireshark
actually use "old format". Doesn't really affect anything, just makes
debugging easier.

This reverts commit 9ceca08.

The same change is already done in the ak-secp256-perf branch and has
nothing important for the current branch. Just drop the changes to
avoid extra work during merge.

@krizhanovsky krizhanovsky left a comment

I've made a relatively quick review just not to block the merge. All the changes can be done in a next PR.

@vankoven vankoven merged commit c64ac3b into master Aug 7, 2020
@vankoven vankoven deleted the ik-tls-session-tickets branch August 7, 2020 11:25
@vankoven vankoven mentioned this pull request Aug 7, 2020

Successfully merging this pull request may close these issues.

TLS sessions resumption