proposal: crypto/tls: Export list of Supported TLS Client Extensions #36337

Closed
fishboy25uk opened this issue Dec 31, 2019 · 4 comments
Labels
FrozenDueToAge Proposal Proposal-Crypto Proposal related to crypto packages or other security issues

@fishboy25uk

The clientHelloMsg unmarshal function (in handshake_messages.go) currently exports client information such as supported cipher suites and curves but does not export a list of supported extensions in the form of a uint16 slice. Client extension information is already parsed so this would be a simple mod. Modification of the ClientHelloInfo struct (common.go) and the clientHelloInfo functions (handshake_server.go) would also be required to export this info in the GetConfigForClient callback.

A use case for this would be to allow for TLS server client fingerprinting on the server side using JA3 (https://engineering.salesforce.com/tls-fingerprinting-with-ja3-and-ja3s-247362855967).

@gopherbot gopherbot added this to the Proposal milestone Dec 31, 2019
@fishboy25uk fishboy25uk changed the title from "proposal: crypto/tls: Export list of Supported Client Extensions" to "proposal: crypto/tls: Export list of Supported TLS Client Extensions" Dec 31, 2019
@rsc rsc added the Proposal-Crypto Proposal related to crypto packages or other security issues label Jan 8, 2020
@FiloSottile
Contributor

We don't surface values to the application when there is no other use case than fingerprinting. Not because fingerprinting is not a valid use case, but because it asymptotically tends to require access to everything, polluting the API.

Instead, I usually recommend making a net.Conn wrapper that reads the ClientHello off the wire and makes all of the details available as needed.
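
A sketch of the kind of net.Conn wrapper recommended above, added here as an example; it is not code from this issue or from the Go project. The names `PeekExtensions`, `peekedConn` and `vec` are hypothetical, and it assumes the ClientHello fits in a single TLS record and carries an extensions block; anything else is returned as an error.

```go
package main

import (
	"bufio"
	"fmt"
	"net"
)

// peekedConn serves reads from the bufio.Reader that still holds the hello.
type peekedConn struct {
	net.Conn
	br *bufio.Reader
}
func (c peekedConn) Read(p []byte) (int, error) { return c.br.Read(p) }

// vec splits b into its leading vector (w-byte length prefix) and the rest.
func vec(b []byte, w int) (v, rest []byte, ok bool) {
	n := 0
	for i := 0; i < w && i < len(b); i++ {
		n = n<<8 | int(b[i])
	}
	if len(b) < w+n {
		return nil, nil, false
	}
	return b[w : w+n], b[w+n:], true
}

// PeekExtensions (hypothetical helper, single-record hellos only) lists extension IDs.
func PeekExtensions(conn net.Conn) (ids []uint16, _ net.Conn, err error) {
	br := bufio.NewReaderSize(conn, 5+0xffff) // fits any record length
	rec, err := br.Peek(5)
	if err == nil {
		rec, err = br.Peek(5 + int(rec[3])<<8 + int(rec[4]))
	}
	if err != nil || len(rec) < 43 || rec[0] != 22 || rec[5] != 1 {
		return nil, nil, fmt.Errorf("no ClientHello in first record (read error: %v)", err)
	}
	exts, b, ok := vec(rec[43:], 1) // past 5+4+2+32 fixed bytes: session_id
	for _, w := range []int{2, 1, 2} { // cipher_suites, compression, extensions block
		exts, b, ok = vec(b, w)
	}
	for ok && len(exts) >= 2 { // entry: id(2), then 2-byte-prefixed data
		ids = append(ids, uint16(exts[0])<<8|uint16(exts[1]))
		_, exts, ok = vec(exts[2:], 2)
	}
	if !ok {
		return nil, nil, fmt.Errorf("truncated ClientHello")
	}
	return ids, peekedConn{conn, br}, nil
}
```

Call it on each accepted connection, after setting a read deadline so a stalled client cannot hold the goroutine, and pass the returned net.Conn to tls.Server, which then reads the same ClientHello bytes.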

@rsc rsc added this to Active in Proposals (old) Feb 12, 2020
@rsc
Contributor

rsc commented Feb 12, 2020

Adding to proposal minutes, seems headed for likely decline.

@rsc
Contributor

rsc commented Feb 26, 2020

Based on the discussion above, this seems like a likely decline.

@rsc rsc moved this from Active to Likely Decline in Proposals (old) Feb 26, 2020
@rsc
Contributor

rsc commented Mar 4, 2020

No change in consensus, so declined.

@rsc rsc closed this as completed Mar 4, 2020
@rsc rsc moved this from Likely Decline to Declined in Proposals (old) Mar 4, 2020
@golang golang locked and limited conversation to collaborators Mar 4, 2021