Is it possible to compare TLS session tickets?


Nicola Murino

May 8, 2021, 2:53:51 PM
to golang-nuts
Hi all,

in my Go TLS server I need to do something like this:

https://github.com/proftpd/proftpd/blob/596125b2fb16b7823a7901c8e350367f67c4b427/contrib/mod_tls.c#L8137

so:

1) check that the client resumed an existing TLS session.

For this I think I can use the DidResume bool from the ConnectionState struct (https://golang.org/pkg/crypto/tls/#ConnectionState)

2) compare the resumed session from the data connection and ensure it matches the one from the control connection. Basically I need to check that the session tickets match. ProFTPD sets the expected id on the ticket appdata and then checks it.

From what I can understand this does not seem possible in Go, am I wrong? Is there another way to accomplish the same thing or is this feature planned for a future Go version? Thank you
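
The check in step 1, as an added example that is not part of the original post and not ProFTPD's or any project's code: a server that refuses a connection unless `ConnectionState().DidResume` is true, exercised over loopback by a client that keeps a session cache. It does not cover the ticket comparison of step 2; `requireResumed`, `Demo` and `must` are hypothetical names, and the certificate is a constructed throwaway.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

// requireResumed is the server-side check: nil only if the client resumed a session.
func requireResumed(c *tls.Conn) error {
	if err := c.Handshake(); err != nil || c.ConnectionState().DidResume {
		return err
	}
	return fmt.Errorf("full handshake: client did not resume a TLS session")
}

func Demo() (first, second error) { // verdicts for a fresh, then a resuming, client
	_, key, _ := ed25519.GenerateKey(rand.Reader) // throwaway key, constructed certificate
	tpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tpl, tpl, key.Public(), key))
	srv := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	ln := must(tls.Listen("tcp", "127.0.0.1:0", srv))
	defer ln.Close()
	verdicts := make(chan error, 2)
	go func() { // server: one verdict per accepted connection, until ln is closed
		for c, err := ln.Accept(); err == nil; c, err = ln.Accept() {
			verdicts <- requireResumed(c.(*tls.Conn))
			c.Close()
		}
	}()
	cfg := &tls.Config{InsecureSkipVerify: true, ClientSessionCache: tls.NewLRUClientSessionCache(4)} // demo only: self-signed
	for i := 0; i < 2; i++ {
		c := must(tls.Dial("tcp", ln.Addr().String(), cfg))
		c.Read(make([]byte, 1)) // reading is what delivers the TLS 1.3 session ticket
		c.Close()
	}
	return <-verdicts, <-verdicts
}

func must[T any](v T, err error) T { // abort the demo on a setup error
	if err != nil {
		panic(err)
	}
	return v
}
func main() { fmt.Println(Demo()) }
```

The first verdict is an error (full handshake) and the second is nil (resumed); `DidResume` alone says only that some earlier session was resumed, not which one.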