You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
crypto/tls has no API to verify which TLS session was resumed. This is an issue for FTPS: to avoid data connection stealing vulnerability we need to require TLS session resumption and to enforce that the TLS session on the data connection was resumed from the one on the control connection.
I propose to add two new API to the ConnectionState struct:
// GetID returns a unique identifier for a TLS connection
GetID() []byte
// ResumedFrom returns the session identifier from which this session was resumed.
// It returns nil if the session was not resumed
ResumedFrom() []byte
this way we can store/get the session ID for the FTP control connection and check that ResumedFrom matches the expected ID.
I'm aware that a unique TLS identifier is not easy to expose and that it is difficult to match TLS sessions (but at least possible) also with OpenSSL
The text was updated successfully, but these errors were encountered:
@seankhliao I saw the linked tickets, I think this is not a duplicate of #25228: the session resumption already supported in Go works fine for my use case, but it is not possible to check which session was resumed. So this proposal isn't about implementing session id resumption, session tickets are ok.
Regarding #18346 this is a different use case and TLSUnique is now deprecated and it is nil for resumed sessions, so it is not useful for the exposed use case.
I'm unable to find any existing ticket/proposal about a API to verify which TLS session was resumed, this is the reason I opened a new proposal, thank you
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes
What operating system and processor architecture are you using (
go env
)?go env
Outputcrypto/tls has no API to verify which TLS session was resumed. This is an issue for FTPS: to avoid data connection stealing vulnerability we need to require TLS session resumption and to enforce that the TLS session on the data connection was resumed from the one on the control connection.
Please take a look here for more details.
I propose to add two new API to the
ConnectionState
struct:this way we can store/get the session ID for the FTP control connection and check that
ResumedFrom
matches the expected ID.I'm aware that a unique TLS identifier is not easy to expose and that it is difficult to match TLS sessions (but at least possible) also with OpenSSL
The text was updated successfully, but these errors were encountered: