crypto/tls: server doesn't check for empty legacy_session_id when doing QUIC session resumption #63936

marten-seemann · 2023-11-03T16:00:32Z

What version of Go are you using (`go version`)?

$ go version
go version go1.21.0 darwin/arm64

Does this issue reproduce with the latest release?

Yes

What did you do?

I sent a ClientHello containing a legacy_session_id when resuming a QUIC session. This is not permitted, see section 8.4 of RFC 9001.

What did you expect to see?

The server should have rejected the handshake. RFC 9001 section 8.4 says that the server SHOULD treat the receipt of a TLS ClientHello with a non-empty legacy_session_id field as a connection error of type PROTOCOL_VIOLATION.

What did you see instead?

The handshake succeeded.

The text was updated successfully, but these errors were encountered:

mauri870 · 2023-11-08T01:43:16Z

/cc @golang/security

mauri870 added the NeedsInvestigation Someone must examine and confirm this is a valid issue and not a duplicate of an existing one. label Nov 6, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

crypto/tls: server doesn't check for empty legacy_session_id when doing QUIC session resumption #63936

crypto/tls: server doesn't check for empty legacy_session_id when doing QUIC session resumption #63936

marten-seemann commented Nov 3, 2023

mauri870 commented Nov 8, 2023

crypto/tls: server doesn't check for empty legacy_session_id when doing QUIC session resumption #63936

crypto/tls: server doesn't check for empty legacy_session_id when doing QUIC session resumption #63936

Comments

marten-seemann commented Nov 3, 2023

What version of Go are you using (go version)?

Does this issue reproduce with the latest release?

What did you do?

What did you expect to see?

What did you see instead?

mauri870 commented Nov 8, 2023

What version of Go are you using (`go version`)?