crypto/tls: rotate session keys in older TLS versions

Also encode the certificates in a way that's more consistent with TLS 1.3 (with a 24 byte length prefix). Note that this will have an additional performance cost requiring clients to do a full handshake every 7 days where previously they were able to use the same ticket indefinitely. Updates #25256 Change-Id: Ic4d1ba0d92773c490b33b5f6c1320d557cc7347d Reviewed-on: https://go-review.googlesource.com/c/go/+/231317 Run-TryBot: Katie Hockman <katie@golang.org> TryBot-Result: Gobot Gobot <gobot@golang.org> Reviewed-by: Filippo Valsorda <filippo@golang.org>
2025-12-08 06:10:04 +00:00 · 2020-04-30 20:11:55 -04:00 · 2020-04-30 20:11:55 -04:00 · 6ea19bb668
commit 6ea19bb668
parent b1760f3a27
11 changed files with 408 additions and 393 deletions
--- a/src/crypto/tls/handshake_server.go
+++ b/src/crypto/tls/handshake_server.go
@ -15,6 +15,7 @@ import (
 	"fmt"
 	"io"
 	"sync/atomic"
+	"time"
 )

 // serverHandshakeState contains details of a server handshake in progress.
@ -368,6 +369,11 @@ func (hs *serverHandshakeState) checkForResumption() bool {
 		return false
 	}

+	createdAt := time.Unix(int64(hs.sessionState.createdAt), 0)
+	if c.config.time().Sub(createdAt) > maxSessionTicketLifetime {
+		return false
+	}
+
 	// Never resume a session for a different TLS version.
 	if c.vers != hs.sessionState.vers {
 		return false
@ -689,6 +695,7 @@ func (hs *serverHandshakeState) sendSessionTicket() error {
 	state := sessionState{
 		vers:         c.vers,
 		cipherSuite:  hs.suite.id,
+		createdAt:    uint64(c.config.time().Unix()),
 		masterSecret: hs.masterSecret,
 		certificates: certsFromClient,
 	}