crypto/tls: delete session tickets on TLS handshake failure #26604
When a server accepts a session ticket presented by a client, but the TLS handshake fails, RFC 5077 recommends that the client delete the ticket. Because adding a full Delete method to the interface for ClientSessionCache would break existing implementations, we have the handshake implementation put a nil value instead. Fixes golang#24919
Thanks for your pull request. It looks like this may be your first contribution to a Google open source project (if not, look below for help). Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please visit https://cla.developers.google.com/ to sign. Once you've signed (or fixed any issues), please reply here (e.g.
0090c13 to 8fbbf63
CLA signed!
CLAs look good, thanks!
Message from Gerrit User 5976: Patch Set 1: Congratulations on opening your first change. Thank you for your contribution! Next steps: Most changes in the Go project go through a few rounds of revision. This can be During May-July and Nov-Jan the Go project is in a code freeze, during which Please don’t reply on this GitHub thread. Visit golang.org/cl/128477.
Message from Gerrit User 28735: Patch Set 1: Filippo, have you had a chance to look at this yet? Please don’t reply on this GitHub thread. Visit golang.org/cl/128477.
Message from Gerrit User 11715: Patch Set 1: Run-TryBot+1 (3 comments) Add docs about the nil behavior to ClientSessionCache.Put. Not strictly backwards-compatible addition, but it was unspecified before and anyway nobody reimplements ClientSessionCache AFAICT. Please don’t reply on this GitHub thread. Visit golang.org/cl/128477.
Message from Gerrit User 5976: Patch Set 1: TryBots beginning. Status page: https://farmer.golang.org/try?commit=7a1f8179 Please don’t reply on this GitHub thread. Visit golang.org/cl/128477.
Message from Gerrit User 5976: Patch Set 1: TryBot-Result+1 TryBots are happy. Please don’t reply on this GitHub thread. Visit golang.org/cl/128477.
This PR is being closed because golang.org/cl/128477 has been abandoned.
When a server accepts a session ticket presented by a client, but
the TLS handshake fails, RFC 5077 recommends that the client delete
the ticket. Because adding a Delete method to the interface for
ClientSessionCache would break existing implementations, we have the
handshake implementation overwrite the ticket with a nil instead.
Fixes #24919
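
For anyone who implements `ClientSessionCache` themselves, here is a sketch of a cache that honors the nil-overwrite convention described above. It is an added example, not code from this PR or from the Go project; `ticketCache`, `failedResumption` and the key `example.test:443` are hypothetical names, and the session value is a constructed empty one.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"sync"
)

// ticketCache is a hypothetical ClientSessionCache in which Put(key, nil)
// deletes the entry instead of storing a nil session.
type ticketCache struct {
	mu sync.Mutex
	m  map[string]*tls.ClientSessionState
}

func newTicketCache() *ticketCache {
	return &ticketCache{m: make(map[string]*tls.ClientSessionState)}
}

func (c *ticketCache) Put(key string, cs *tls.ClientSessionState) {
	c.mu.Lock()
	defer c.mu.Unlock()
	if cs == nil {
		delete(c.m, key) // handshake failed: forget the ticket
		return
	}
	c.m[key] = cs
}

func (c *ticketCache) Get(key string) (*tls.ClientSessionState, bool) {
	c.mu.Lock()
	defer c.mu.Unlock()
	cs, ok := c.m[key]
	return cs, ok && cs != nil // never report a hit without a session
}

// failedResumption replays the sequence from the PR description: a ticket is
// stored, then overwritten with nil. True means it was present, then gone.
func failedResumption(cache tls.ClientSessionCache, key string) bool {
	cache.Put(key, &tls.ClientSessionState{}) // constructed, empty session
	_, before := cache.Get(key)
	cache.Put(key, nil) // what the handshake code does on failure
	_, after := cache.Get(key)
	return before && !after
}

func main() {
	fmt.Println(failedResumption(newTicketCache(), "example.test:443")) // true
}
```

A cache that stores the nil as an ordinary value would keep reporting a hit for that key, which is why `Get` here also refuses to return `ok` without a session.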