proposal: crypto/tls: custom TLS extensions support #51497
Labels
FrozenDueToAge
Proposal
Proposal-Crypto
Proposal related to crypto packages or other security issues
Milestone
A similar issue had been opened at #25807 but it was retracted without any explanation so I would like to bring this into light again as it is a pain for VPN solutions written in Go.
TLS Hello messages are allowed to have custom extensions therefore an application can ask the underlying TLS library to add arbitrary data. As we really need this we have ended up patching Go so I can actually present a working solution to give a general idea of what I mean and how it can play out:
crypto/tls/common.go
HelloExtensions []HelloExtension
in theConfig struct
and copy in theClone()
func[]HelloExtension
toclientHelloMsg
(client case)tls.HelloExtension{ Type: XXX, Data: YYY}
and append them in thetls.Config.HelloExtensions
The text was updated successfully, but these errors were encountered: