Navigation Menu

Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

crypto/tls: session resumption (session id caching) #18607

Closed
tam7t opened this issue Jan 11, 2017 · 3 comments
Closed

crypto/tls: session resumption (session id caching) #18607

tam7t opened this issue Jan 11, 2017 · 3 comments
Labels
Documentation FrozenDueToAge
Milestone
Go1.9

Comments

@tam7t
Copy link

tam7t commented Jan 11, 2017
edited

What version of Go are you using (go version)?

go version go1.7.4 darwin/amd64

What operating system and processor architecture are you using (go env)?

GOARCH="amd64"
GOBIN=""
GOEXE=""
GOHOSTARCH="amd64"
GOHOSTOS="darwin"
GOOS="darwin"

What did you do?

I have 2 web servers, one that supports TLS session resumption based on a session cache and another that supports session cache and session tickets.

https://play.golang.org/p/9n4OZRjqHh

What did you expect to see?

I had expected the 2nd connection to each server to resume the session.

What did you see instead?

DidResume is only true for the server that supports session ticket resumption.

It appears that session ID caching is not supported in client or server mode. Perhaps the documentation for ClientSessionCache could be a bit more explicit that it is only a cache for session tickets.
@bradfitz bradfitz added this to the Go1.9 milestone Jan 11, 2017
@FiloSottile
Copy link
Contributor

Session ID caching is not supported in neither client nor server.

I guess the client side can be documented in Config.ClientSessionCache. Not sure where the docs for the server side could go.

I had to look at the code myself a week ago to confirm this.

@Kanshiroron
Copy link

Any plan on implementing it?
The thing is without this feature, it's impossible to configure a load balancer with sticky TLS sessions (without TLS offload)

@FiloSottile
Copy link
Contributor

No plans I'm aware of. You can open a new issue to request the feature.

Almost sure you could implement sticky TLS on top of tickets with #19199, but the discussion should move away from this closed issue.

@golang golang locked and limited conversation to collaborators May 18, 2018
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@agl @bradfitz
crypto/tls: document that only tickets are supported.
2a38c62 
This change clarifies that only ticket-based resumption is supported by
crypto/tls. It's not clear where to document this for a server,
although perhaps it's obvious there because there's nowhere to plug in
the storage that would be needed by SessionID-based resumption.

Fixes golang#18607

Change-Id: Iaaed53e8d8f2f45c2f24c0683052df4be6340922
Reviewed-on: https://go-review.googlesource.com/36560
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
FiloSottile pushed a commit to FiloSottile/go that referenced this issue Oct 12, 2018
@agl @bradfitz
crypto/tls: document that only tickets are supported.
2fd73e7 
This change clarifies that only ticket-based resumption is supported by
crypto/tls. It's not clear where to document this for a server,
although perhaps it's obvious there because there's nowhere to plug in
the storage that would be needed by SessionID-based resumption.

Fixes golang#18607

Change-Id: Iaaed53e8d8f2f45c2f24c0683052df4be6340922
Reviewed-on: https://go-review.googlesource.com/36560
Reviewed-by: Brad Fitzpatrick <bradfitz@golang.org>
@rsc rsc unassigned agl Jun 23, 2022
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Documentation FrozenDueToAge
Projects
None yet
Milestone
Go1.9
Development

No branches or pull requests
6 participants
@bradfitz @agl @FiloSottile @tam7t @Kanshiroron @gopherbot