You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
On resumed connections, the OCSP response and SCTs are dropped on the floor on the client-side. In the case of TLS 1.3, those parameters are available within the Certificate on the sessionStateTLS13 provided to the client, but just currently aren't being used. In the case of TLS 1.2, those parameters aren't included in the session state at all, since the certificates are just passed along as raw bytes. So fixing this for TLS 1.2 and earlier versions will require an update to the sessionState structure.
This will be particularly relevant now that 1.15 will include a VerifyConnection callback on the ConnectionState, which devs will use to access the OCSP responses and SCTs and do any necessary verification against them. Fixing this would be a stabilization fix for that new feature to align with user expectations.
katiehockman
changed the title
crypto/tls: OCSP and SCTs aren't included in resumed connections
crypto/tls: OCSP and SCTs are dropped in resumed connections
May 14, 2020
Change https://golang.org/cl/234237 mentions this issue: crypto/tls: restore OCSP and SCTs during session resumption
FiloSottile
changed the title
crypto/tls: OCSP and SCTs are dropped in resumed connections
crypto/tls: OCSP and SCTs are dropped in resumed connections [freeze exception]
Jun 2, 2020
@rsc @golang/osp-team I'd like to ask for a freeze exception to land this fix. The bug is old in the context of Conn.ConnectionState, but the same structure is now passed to the (new in Go 1.15) VerifyConnection callback. Landing VerifyConnection without this fix will make the former not work correctly in the affected scenarios. The CL is ready and pretty safe.
On resumed connections, the OCSP response and SCTs are dropped on the floor on the client-side. In the case of TLS 1.3, those parameters are available within the
Certificate
on thesessionStateTLS13
provided to the client, but just currently aren't being used. In the case of TLS 1.2, those parameters aren't included in the session state at all, since the certificates are just passed along as raw bytes. So fixing this for TLS 1.2 and earlier versions will require an update to thesessionState
structure.This will be particularly relevant now that 1.15 will include a VerifyConnection callback on the ConnectionState, which devs will use to access the OCSP responses and SCTs and do any necessary verification against them. Fixing this would be a stabilization fix for that new feature to align with user expectations.
/cc @FiloSottile
The text was updated successfully, but these errors were encountered: